CVE-2026-22547
Gitea · Gitea Open Source Git Server
Gitea versions before 1.25.5 contain an improper input validation vulnerability in repository creation fields, potentially allowing unauthorized data manipulation.
Executive summary
A critical input validation vulnerability in Gitea versions before 1.25.5 allows unauthenticated attackers to manipulate repository creation parameters, posing a risk to data integrity.
Vulnerability
The software fails to enforce sufficient validation constraints (CWE-20) on repository creation fields, specifically regarding length-limited template fields, trust models, and object format values. This flaw allows an attacker to submit malformed input that the application processes incorrectly, leading to potential unauthorized access or configuration tampering.
Business impact
With a CVSS score of 9.1, this vulnerability is classified as Critical. Successful exploitation could lead to unauthorized access to sensitive code repositories, potential data exposure, or the injection of malicious configurations into the development pipeline. Given the role of Gitea as a central Git server, the integrity of the entire software development lifecycle is at risk.
Remediation
Immediate Action: Upgrade your Gitea instance to version 1.25.5 or later immediately to apply the necessary input validation constraints.
Proactive Monitoring: Review application access logs for unusual repository creation requests or attempts to inject large or malformed data into configuration fields.
Compensating Controls: Implement a Web Application Firewall (WAF) with strict input validation rules to filter out anomalous payloads targeting repository creation endpoints.
Exploitation status
Public Exploit Available: false
Analyst recommendation
The high severity of this vulnerability necessitates an immediate update to version 1.25.5. Organizations should ensure their Gitea instances are patched promptly to prevent unauthorized manipulation of repository settings and to maintain the security posture of their development environment.