Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-24690
PUBLISHED
More InfoOfficial Page
Assigner-Gitea
Assigner Org ID-88ee5874-cf24-4952-aea0-31affedb7ff2
View Known Exploited Vulnerability (KEV) details
Published At-03 Jul, 2026 | 20:19
Updated At-03 Jul, 2026 | 20:19
Rejected At-
▼CVE Numbering Authority (CNA)
Gitea pull-request branch updates use insufficient permission checks

Gitea versions before 1.25.5 have insufficient permission checks for updating or rebasing pull request branches.

Affected Products
Vendor
Gitea
Product
Gitea Open Source Git Server
Default Status
unaffected
Versions
Affected
  • From 0 before 1.25.5 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-284CWE-284
Type: CWE
CWE ID: CWE-284
Description: CWE-284
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

reporter
the CodeThreat Security Research Team and Alexander Girgis
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/go-gitea/gitea/pull/36465
patch
https://github.com/go-gitea/gitea/pull/36838
patch
https://github.com/go-gitea/gitea/releases/tag/v1.25.5
release-notes
https://blog.gitea.com/release-of-1.25.5/
release-notes
Hyperlink: https://github.com/go-gitea/gitea/pull/36465
Resource:
patch
Hyperlink: https://github.com/go-gitea/gitea/pull/36838
Resource:
patch
Hyperlink: https://github.com/go-gitea/gitea/releases/tag/v1.25.5
Resource:
release-notes
Hyperlink: https://blog.gitea.com/release-of-1.25.5/
Resource:
release-notes
Details not found