Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information.
References
Configurations
No configuration.
History
03 Jul 2026, 21:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-07-03 21:16
Updated : 2026-07-07 18:16
NVD link : CVE-2026-27771
Mitre link : CVE-2026-27771
CVE.ORG link : CVE-2026-27771
JSON object : View
Products Affected
No product.
CWE
CWE-862
Missing Authorization
