CVE-2026-20750

CVSS v2.0

9.4

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions Gitea (affected versions not specified)

Description The software does not properly validate project ownership when handling organization project operations. This allows a user with project write access in one organization to potentially modify projects belonging to a different organization. This is an IDOR (Insecure Direct Object Reference) issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

BDU:2026-01994

BIT-GITEA-2026-20750

CVE-2026-20750

GHSA-H4FH-PC4W-8W27

GHSA-RW22-5HHQ-PFPF

GO-2026-4370

SUSE-SU-2026:0403-1

Affected Products

Gitea

Red Os

CVE-2026-20750

Weakness Enumeration

Related Identifiers

Affected Products

References · 99