Loading market data...
← Back to CVE feed

CVE-2026-27761

MEDIUM CVSS 4.3 View on NVD ↗

Description

Gitea versions up to and including 1.26.2 allow repository RSS and Atom feed endpoints to bypass API access token scope checks, exposing private repository commit data to tokens without the required repository scope.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Published: Jul 03, 2026 21:16 UTC Modified: Jul 03, 2026 21:16 UTC