Lifecycle Timeline
1. Description (CVE.org)
Notification API leaks private issue metadata after access revocation
More in Gitea Open Source Git Server
Broken access control in Gitea's Composer package registry (versions up to and including 1.26.1) lets remote attackers r
Reverse-proxy authentication bypass in the official Gitea Docker image (versions up to and including 1.26.2) allows any
Cross-repository information disclosure and cross-task tampering in Gitea's self-hosted Git server (fixed in v1.26.2) ar
Server-side request forgery in Gitea versions up to and including 1.26.2 lets authenticated users abuse incomplete allow
Authorization bypass in Gitea's Gitea Actions fork pull-request approval gate lets a low-privileged contributor permanen
Authentication bypass in Gitea's Git LFS (Large File Storage) SSH handling allows a low-privileged authenticated user to
Broken authorization in Gitea (self-hosted Git service) versions up to and including 1.26.2 lets a user who holds genera
TOTP two-factor authentication replay in Gitea 1.5.0 through 1.26.2 lets a captured valid one-time code be accepted mult
Server-Side Request Forgery (SSRF) via HTTP redirect in Gitea's repository migration feature affects all versions throug
Gitea's repository RSS and Atom feed endpoints fail to enforce API token scope checks, exposing private repository commi
Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts
Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service
Same weakness: CWE-200 – Information Exposure
Same technique: Information Disclosure
EUVD-2026-41603