CVE-2026-27775
Gitea · Gitea Open Source Git Server
A cache misconfiguration in Gitea 1.25.5 allows authenticated users to escalate privileges by reusing branch-specific write permissions across unauthorized repository references.
Executive summary
A privilege escalation vulnerability in Gitea 1.25.5 could allow an authenticated user to gain unauthorized full write access to a repository.
Vulnerability
This is an improper authorization flaw (CWE-863) where the application incorrectly caches write-permission results during a pre-receive hook session, allowing authenticated users with limited scope to bypass access controls.
Business impact
Successful exploitation allows a low-privileged user to modify code, inject malicious commits, or disrupt project integrity, leading to potential supply chain compromise. With a CVSS score of 8.8, this high-severity flaw poses a significant risk to development environments, as it undermines the fundamental access control mechanisms protecting source code repositories.
Remediation
Immediate Action: Upgrade Gitea to version 1.26.3 or later to apply the necessary security patches.
Proactive Monitoring: Review repository access logs for unusual commit activity or unauthorized modifications made by users outside of their assigned branches.
Compensating Controls: Implement strict branch protection rules and enforce mandatory code reviews for all incoming changes to limit the impact of potential unauthorized writes.
Exploitation status
Public Exploit Available: No (exploit_available: false)
Analyst recommendation
Given the critical nature of repository integrity, organizations utilizing Gitea must prioritize this update immediately. Failure to patch allows authenticated users to potentially gain unauthorized control over the entire codebase, necessitating an urgent deployment of the available fix.