CVE Catalog

CVE-2026-24690

Low risk · EPSS 5%

Exploitation Probability (EPSS)

Low risk: 0.16% (5th percentile, higher than 5% of all known CVEs)

Summary

Gitea versions before 1.25.5 perform insufficient permission checks when updating or rebasing pull request branches. This allows users without the required permissions to modify those branches.

Risk Assessment

The organization is at risk of unauthorized changes to source code, which could lead to injection of malicious code or compromise of repository integrity.

Recommendation

Upgrade Gitea immediately to version 1.25.5 or later, which includes a fix for the insufficient permission checks.

Original NVD description (English source)

Gitea versions before 1.25.5 have insufficient permission checks for updating or rebasing pull request branches.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS