CVE-2026-26231
Severity: High (CVSS 8.5)
Exploitation Probability (EPSS): Low risk, 21st percentile (higher than 21% of all known CVEs)
Summary
Gitea up to and including version 1.26.1 lets the 'Allow edits from maintainers' permission path (the pull-request option that grants push access to the pull request's head branch) authorize commits to a repository that the user can only read. A user with read-only access can therefore land commits that the repository's write restrictions should have rejected.
Risk Assessment
An unauthorized user can modify code in a repository they should only be able to read. Because the commits arrive through a legitimate permission path rather than a broken authentication check, they look like ordinary pushes, so the impact is a silent integrity breach: unreviewed changes can enter branches that downstream builds, releases, and dependents trust.
Recommendation
Immediately upgrade Gitea to version 1.26.2 or later, which includes a fix for this vulnerability. Also review repository permission configurations, and on instances that ran an affected version, check pull requests with 'Allow edits from maintainers' enabled for commits from users who hold only read access to the repository.
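A triage helper added here (it is not Gitea project code and not part of the advisory): it compares the version a Gitea instance reports against the 1.26.2 fix threshold named above, and lists open pull requests that have the 'Allow edits from maintainers' option set so their head branches can be reviewed while the instance is still unpatched. It assumes the Gitea REST endpoint GET /api/v1/version returns a JSON object of the form {"version": "..."}, and that pull-request objects expose the option as an allow_maintainer_edit boolean (field name assumed from the Gitea API; verify against your instance). The sample version string and pull-request list embedded below are constructed for illustration.

```python
"""Triage helper for CVE-2026-26231 (Gitea <= 1.26.1).

Added example, not Gitea project code. Assumptions:
  - GET /api/v1/version returns {"version": "<version string>"};
  - pull-request objects carry an "allow_maintainer_edit" boolean
    (field name assumed; check it against your instance's API output).
"""
from __future__ import annotations

import json
import re
import sys
import urllib.request

# First release the advisory names as containing the fix.
FIXED_VERSION = (1, 26, 2)

# Numeric core of a Gitea version string; suffixes such as "+dev-12-gabcdef"
# or "-rc1" are matched separately.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?")
_PRERELEASE_RE = re.compile(r"(-rc\d*|[-+]dev)", re.IGNORECASE)


def parse_version(version: str) -> tuple[int, int, int]:
    """Turn a Gitea version string into a comparable (major, minor, patch).

    Accepts forms such as "1.26.1", "v1.26.0", "1.26.1+dev-12-gabcdef" and
    "1.27.0-rc1"; a missing patch component is treated as 0.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Gitea version string: {version!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def is_affected(version: str) -> bool:
    """True when the instance should be treated as vulnerable.

    Anything below 1.26.2 is affected. A pre-release or dev build whose
    numeric core equals 1.26.2 is also flagged, conservatively, because the
    version string alone cannot confirm that the fix is included.
    """
    core = parse_version(version)
    if core < FIXED_VERSION:
        return True
    if core == FIXED_VERSION and _PRERELEASE_RE.search(version):
        return True
    return False


def maintainer_edit_prs(pulls: list[dict]) -> list[tuple[int, str]]:
    """Return (number, head label) for open PRs with the option enabled.

    The advisory names the 'Allow edits from maintainers' path as the one
    abused, so these are the pull requests whose head branches deserve a
    commit-author review while the instance is unpatched.
    """
    flagged = []
    for pr in pulls:
        if pr.get("state") == "open" and pr.get("allow_maintainer_edit"):
            head = pr.get("head", {}).get("label", "?")
            flagged.append((pr["number"], head))
    return flagged


def fetch_version(base_url: str) -> str:
    """Query GET /api/v1/version on a live instance (network; optional)."""
    url = f"{base_url.rstrip('/')}/api/v1/version"
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)["version"]


if __name__ == "__main__":
    if len(sys.argv) > 1:
        version = fetch_version(sys.argv[1])
    else:
        # Constructed sample response, used when no instance URL is given.
        version = json.loads('{"version": "1.26.1+dev-12-gabcdef"}')["version"]
    verdict = "AFFECTED, upgrade to 1.26.2 or later" if is_affected(version) else "not affected"
    print(f"Gitea {version}: {verdict}")

    # Constructed sample of pull-request objects as the API would return them.
    sample_pulls = [
        {"number": 7, "state": "open", "allow_maintainer_edit": True,
         "head": {"label": "contributor:fix-typo"}},
        {"number": 8, "state": "open", "allow_maintainer_edit": False,
         "head": {"label": "contributor:feature"}},
        {"number": 3, "state": "closed", "allow_maintainer_edit": True,
         "head": {"label": "old:branch"}},
    ]
    for number, head in maintainer_edit_prs(sample_pulls):
        print(f"review head branch of PR #{number} ({head})")
```

Run it with an instance URL (for example `python triage.py https://git.example.org`) to query a live server, or with no arguments to exercise the constructed sample. Treat the output as a starting point for review, not as proof of exploitation: the script only identifies where the abused permission path is enabled.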
Original NVD description (English source)
Gitea versions up to and including 1.26.1 allow the Allow edits from maintainers permission path to authorize commits to repositories that the user can read but should not be able to write.

