CVE-2026-0798

CVSS v3.1

3.5

Low

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Gitea (affected versions not specified)

Description Gitea may send release notification emails for private repositories to users whose access has been revoked. This occurs when a repository is changed from public to private, potentially disclosing release titles, tags, and content to users who previously watched the repository.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

BIT-GITEA-2026-0798

CVE-2026-0798

GHSA-8FWC-QJW5-RVGP

GHSA-F4WQ-6WW5-M56P

GO-2026-4365

SUSE-SU-2026:0403-1

Affected Products

Gitea

Red Os

CVE-2026-0798

Weakness Enumeration

Related Identifiers

Affected Products

References · 95