CVE-2026-27771

Summary

Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information.

Affected Software

VendorProductVersion RangeStatus
GiteaGitea Open Source Git Server0 <= 1.26.1affected

Weaknesses

  • CWE-862: Missing Authorization

References