CVE-2026-27657
CVE-2026-27657 affects Gitea prior to 1.25.5. The issue arises in the email settings workflow where a user can alter another user’s primary email address, described as an Authorization Bypass Through User-Controlled Key. Affected evidence in connected sources indicates the root cause is insuffici...