CVE Catalog
CVE-2026-22555
Severity: High (CVSS 8.1)
Exploitation Probability (EPSS): Low risk, 0.30%
22nd percentile: higher than 22% of all known CVEs
Summary
A vulnerability in Gitea before version 1.26.0 allows API users to fork a repository into an organization without passing the CanCreateOrgRepo check, potentially exposing organization secrets.
Risk Assessment
The risk involves unauthorized access to repositories and potential leakage of sensitive organizational data, such as API keys or passwords.
Recommendation
Upgrade Gitea to version 1.26.0 or later immediately; that release includes a fix for this vulnerability.
Original NVD description (English source)
Gitea versions before 1.26.0 allow API users to fork a repository into an organization without first passing the CanCreateOrgRepo check, which can expose organization secrets.

