CVE Catalog
CVE-2026-27660
Low risk · EPSS 6%
Exploitation Probability (EPSS)
Low risk: 0.17%
6th percentile — higher than 6% of all known CVEs
Summary
A vulnerability in Gitea before version 1.25.5 allows draft release data or attachments to be accessed without the required write permission.
Risk Assessment
An unauthorized user can read confidential data or attachments intended only for draft release authors, leading to information disclosure.
Recommendation
Upgrade Gitea immediately to version 1.25.5 or later, which fixes this vulnerability.
Original NVD description (English source)
Gitea versions before 1.25.5 allow draft release data or attachments to be accessed without the required write permission.

