PT-2026-4287 · Gitea+1

Spingarbor · Published 2026-01-22 · Updated 2026-02-24 · CVE-2026-20736

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Gitea (affected versions not specified)
Description: Gitea does not correctly validate the repository context during attachment deletion. A user who uploaded an attachment to a repository might be able to delete it even after losing access to that repository by submitting the request through a different repository they are authorized to access. This occurs because the system fails to properly confirm the user's permission to delete the attachment within the original repository.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
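
The access-control flaw in the description, as a minimal model added here for illustration; it is not Gitea's code, and the hardened function is one way to close such a gap, not the project's fix. All type names, function names and IDs are hypothetical and the data is constructed.

```go
package main

import "errors"
import "fmt"

// Hypothetical model for illustration; these are not Gitea's types.
type Attachment struct{ ID, RepoID, UploaderID int64 }
type Store struct {
	Attachments map[int64]Attachment
	CanWrite    map[[2]int64]bool // {userID, repoID} -> user may write
}
var ErrForbidden, ErrNotFound = errors.New("forbidden"), errors.New("not found")

// Flawed: checks the repository named in the request, not the attachment's own.
func (s *Store) deleteVulnerable(userID, urlRepoID, attID int64) error {
	a, ok := s.Attachments[attID]
	if !ok {
		return ErrNotFound
	}
	if a.UploaderID != userID || !s.CanWrite[[2]int64{userID, urlRepoID}] {
		return ErrForbidden
	}
	delete(s.Attachments, attID)
	return nil
}

// Hardened: bind the attachment to the request's repository, then authorize there.
func (s *Store) deleteHardened(userID, urlRepoID, attID int64) error {
	a, ok := s.Attachments[attID]
	if !ok || a.RepoID != urlRepoID {
		return ErrNotFound // same answer for "missing" and "other repository"
	}
	if !s.CanWrite[[2]int64{userID, a.RepoID}] {
		return ErrForbidden
	}
	delete(s.Attachments, attID)
	return nil
}

// Constructed data: user 7 uploaded attachment 100 to repo 1, now writes only to repo 2.
func newScenario() *Store {
	att := map[int64]Attachment{100: {ID: 100, RepoID: 1, UploaderID: 7}}
	return &Store{Attachments: att, CanWrite: map[[2]int64]bool{{7, 2}: true}}
}

func main() {
	fmt.Println(newScenario().deleteVulnerable(7, 2, 100), newScenario().deleteHardened(7, 2, 100))
}
```

In the model, the flawed handler deletes attachment 100 when the request is routed through repository 2, while the hardened handler leaves it in place and still allows deletion by a user who holds write access to repository 1.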

Improper Access Control

Weakness Enumeration

Related Identifiers

BIT-GITEA-2026-20736
CVE-2026-20736
GHSA-HGR3-X44X-33HX
GHSA-JR6H-PWWP-C8G6
GO-2026-4367
SUSE-SU-2026:0403-1

Affected Products

Gitea
Red Os