Byte Open Security
(ByteOS Network)
CVE Vulnerability Details: CVE-2026-27657
PUBLISHED
Assigner: Gitea
Assigner Org ID: 88ee5874-cf24-4952-aea0-31affedb7ff2
Published At: 03 Jul, 2026 | 20:19
Updated At: 03 Jul, 2026 | 20:19
Rejected At: -
CVE Numbering Authority (CNA)
Gitea email settings allow changing another user's primary email address
Gitea versions before 1.25.5 allow a user to change another user's primary email address.
Affected Products
Vendor: Gitea
Product: Gitea Open Source Git Server
Default Status: unaffected
Versions: Affected from 0 before 1.25.5 (semver)
Problem Types
Type: CWE
CWE ID: CWE-639
Description: Authorization Bypass Through User-Controlled Key
Credits
reporter: CsEnox
References
https://github.com/go-gitea/gitea/pull/36586 (patch)
https://github.com/go-gitea/gitea/pull/36607 (patch)
https://github.com/go-gitea/gitea/releases/tag/v1.25.5 (release-notes)
https://blog.gitea.com/release-of-1.25.5/ (release-notes)