CVE-2026-26231
Gitea · Gitea Open Source Git Server
Gitea is susceptible to an authorization bypass where authenticated low-privilege users can push unauthorized commits to repositories by abusing the pull request maintainer edit flag.
Executive summary
A critical authorization bypass vulnerability in Gitea allows authenticated low-privileged users to perform unauthorized write operations on repositories.
Vulnerability
This is an authorization bypass vulnerability affecting the "Allow edits from maintainers" feature. An authenticated user with read-only access can exploit this by using reverse-fork pull requests to push commits to an upstream repository without proper write-access validation.
Business impact
The ability for unauthorized users to push arbitrary code to repositories poses a severe risk to software supply chain integrity. With a CVSS score of 8.5, this vulnerability could lead to the injection of malicious code, backdoors, or the corruption of production-ready source code, resulting in significant reputational damage and potential system compromise.
Remediation
Immediate Action: Upgrade all Gitea instances to version 1.26.2 or later to resolve the authorization logic flaw.
Proactive Monitoring: Review repository commit logs for suspicious activity or unexpected contributions from users who do not hold write permissions.
Compensating Controls: Strictly enforce branch protection rules and require signed commits to ensure that only authorized changes are merged into critical branches.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the high CVSS score of 8.5, this vulnerability represents a significant risk to development environments. Organizations should prioritize the update to Gitea 1.26.2 immediately to prevent unauthorized code injection and maintain the integrity of their Git workflows.