CVE-2026-27761

Gitea versions up to and including 1.26.2 allow repository RSS and Atom feed endpoints to bypass API access token scope checks, exposing private repository commit data to tokens without the required repository scope.
Configurations

No configuration.

History

07 Jul 2026, 18:16

Type Values Removed Values Added
References () https://github.com/go-gitea/gitea/security/advisories/GHSA-3pww-vcvm-3gmj - () https://github.com/go-gitea/gitea/security/advisories/GHSA-3pww-vcvm-3gmj -

03 Jul 2026, 21:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-07-03 21:16

Updated : 2026-07-07 18:16


NVD link : CVE-2026-27761

Mitre link : CVE-2026-27761

CVE.ORG link : CVE-2026-27761


JSON object : View

Products Affected

No product.

CWE
CWE-863

Incorrect Authorization