3 matches found
CVE-2026-26231
Gitea versions up to 1.26.1 expose an Authorization Bypass via the Allow edits from maintainers option. The root cause is the PR-create flow binding allow_maintainer_edit=true without verifying the submitter’s write access to the HEAD repository, enabling reverse-fork PR abuse to authorize pushes...
CVE-2026-26231 Gitea maintainer-edit permissions allow unauthorized commits to readable repositories
Gitea versions up to and including 1.26.1 allow the Allow edits from maintainers permission path to authorize commits to repositories that the user can read but should not be able to write...
CVE-2026-26231 Gitea maintainer-edit permissions allow unauthorized commits to readable repositories
Gitea versions up to and including 1.26.1 allow the Allow edits from maintainers permission path to authorize commits to repositories that the user can read but should not be able to write...