CVE-2026-27657

Gitea · Gitea Open Source Git Server

Gitea versions before 1.25.5 contain an authorization bypass vulnerability allowing an attacker to modify the primary email address of other users.

Executive summary

A critical authorization bypass vulnerability in Gitea Open Source Git Server allows unauthorized modification of user account information, posing a significant risk to account integrity.

Vulnerability

This vulnerability is categorized as CWE-639 (Authorization Bypass Through User-Controlled Key). It permits an unauthenticated attacker to manipulate the primary email settings of arbitrary users, effectively enabling account takeover vectors.

Business impact

The vulnerability carries a CVSS score of 7.5, indicating a high severity risk. Successful exploitation could allow malicious actors to hijack user accounts by modifying primary email addresses, leading to unauthorized access to sensitive source code repositories and potentially facilitating further lateral movement within the development environment.

Remediation

Immediate Action: Upgrade all Gitea instances to version 1.25.5 or later immediately to resolve the authorization flaw.

Proactive Monitoring: Review audit logs for unusual account modifications, specifically looking for unexpected changes to user profile email addresses or suspicious administrative activity.

Compensating Controls: Implement strict network access controls to limit exposure of the Gitea interface to untrusted networks and utilize a Web Application Firewall (WAF) to block anomalous HTTP requests targeting profile management endpoints.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the high impact of authorization bypass vulnerabilities in source control systems, administrators must prioritize the update to version 1.25.5. Organizations using Gitea should treat this as a high-priority maintenance task to prevent potential account takeovers and the resulting compromise of intellectual property.