CVE-2026-25782

Summary

Gitea versions before 1.25.5 look up tracked-time entries by time ID without scoping the lookup to the issue in the request URL, allowing deletion attempts to target entries from another issue.

Affected Software

VendorProductVersion RangeStatus
GiteaGitea Open Source Git Server0 < 1.25.5affected

Weaknesses

  • CWE-639: Authorization Bypass Through User-Controlled Key

References