CVE-2026-25714
Gitea is vulnerable to CVE-2026-25714: versions up to 1.26.1 do not consistently apply public-only token filtering in the user orgs API, leaving an incomplete fix for CVE-2025-68941. This allows a public-only token to enumerate private organizations belonging to the token owner, violating scope r...