CVE Catalog

CVE-2026-25714

Medium · CVSS 4.3
Published: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.27%

19th percentile — higher than 19% of all known CVEs

Summary

Gitea up to and including version 1.26.1 applies public-only token filtering inconsistently in the user organization API, which leaves the fix for CVE-2025-68941 incomplete.

Risk Assessment

A token that should be restricted to public-only operations may be able to reach organization data beyond that scope, potentially disclosing sensitive information.

Recommendation

Upgrade Gitea promptly to a version later than 1.26.1 that includes the complete fix for this issue.

Original NVD description (English source)

Gitea versions up to and including 1.26.1 do not apply public-only token filtering consistently to the user organization API, leaving an incomplete fix for CVE-2025-68941.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS