CVE-2026-25782

Gitea versions before 1.25.5 look up tracked-time entries by time ID without scoping the lookup to the issue in the request URL, allowing deletion attempts to target entries from another issue.
Configurations

No configuration.

History

07 Jul 2026, 18:16

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3

03 Jul 2026, 21:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-07-03 21:16

Updated : 2026-07-07 18:16


NVD link : CVE-2026-25782

Mitre link : CVE-2026-25782

CVE.ORG link : CVE-2026-25782


JSON object : View

Products Affected

No product.

CWE
CWE-639

Authorization Bypass Through User-Controlled Key