CVE-2026-20706

Summary

Gitea versions up to and including 1.26.1 allow repository archive downloads to bypass token scope checks on the web archive download endpoint.

Affected Software

VendorProductVersion RangeStatus
GiteaGitea Open Source Git Server0 <= 1.26.1affected

Weaknesses

  • CWE-284: CWE-284

References