CVE-2026-20800

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Gitea (affected versions not specified)

Description The notification API does not re-validate repository access permissions when providing notification details. Specifically, after a user’s access to a private repository is revoked, they may still be able to view issue and pull request titles through previously received notifications.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BIT-GITEA-2026-20800

CVE-2026-20800

GHSA-2VGV-HGV4-22MH

GHSA-G54M-9F6G-WJ7Q

GO-2026-4362

SUSE-SU-2026:0403-1

Affected Products

Gitea

Red Os

CVE-2026-20800

Weakness Enumeration

Related Identifiers

Affected Products

References · 95