CVE Catalog
CVE-2026-25038
Low risk · EPSS 10%
Exploitation Probability (EPSS)
Low risk: 0.20%
10th percentile — higher than 10% of all known CVEs
Summary
In Gitea 1.26.2, unauthorized users can access labels of private organizations. This vulnerability allows information disclosure of labels that should be restricted to organization members.
Risk Assessment
The risk involves unauthorized disclosure of private organization labels, potentially leaking sensitive information about projects and internal processes.
Recommendation
Immediately upgrade Gitea to version 1.26.3 or later, which includes a fix for this vulnerability. Also review access permission configurations for organizations.
Original NVD description (English source)
Gitea 1.26.2 allows unauthorized users to access labels of private organizations.

