Security Advisory

CVE-2026-20897

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-22 22:01:51
Last updated 2026-06-29 12:34:14
Assigner Gitea
State PUBLISHED

Description

Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories.