CVE-2026-20750

Publication date

2026-01-22 22:01:49

Family

Gitea

State

PUBLISHED

Description

Gitea does not properly validate project ownership in organization project operations. A user with project write access in one organization may be able to modify projects belonging to a different organization.