
CVE-2026-22555 — Gitea organization forks can expose organization secrets without create permission

CVSS 8.1 · High EPSS 0.30% · P22

Possible ATT&CK Techniques

T1190 · Exploit Public-Facing Application

Affected Version Matrix

Vendor | Product | Version Range | Status
Gitea | Gitea Open Source Git Server | < 1.26.0 | affected

I. Basic Information for CVE-2026-22555

Vulnerability Information


Vulnerability Title
Gitea organization forks can expose organization secrets without create permission
Source: NVD (National Vulnerability Database)
Vulnerability Description
Gitea versions before 1.26.0 allow API users to fork a repository into an organization without first passing the CanCreateOrgRepo check, which can expose organization secrets.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
Improper Access Control
Source: NVD (National Vulnerability Database)

Affected Products

Vendor | Product | Affected Versions | CPE
Gitea | Gitea Open Source Git Server | 0 ~ 1.26.0 | -

II. Public POCs for CVE-2026-22555


No public POC found.


III. Intelligence Information for CVE-2026-22555


Patches & Fixes for CVE-2026-22555 (1)

Vendor Advisories for CVE-2026-22555 (1)

Vendor Pages for CVE-2026-22555 (1)

Same Patch Batch · Gitea · 2026-07-03 · 40 CVEs total

CVE-2026-20896 · 9.8 CRITICAL · Gitea Docker image trusts spoofable reverse-proxy headers by default
CVE-2026-58426 · 9.6 CRITICAL · Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read
CVE-2026-22874 · 9.6 CRITICAL · Gitea webhook and migration allow-list filtering permits SSRF
CVE-2026-58424 · 8.9 HIGH · Permanent Fork PR Workflow Approval Gate Bypass
CVE-2026-28737 · 8.7 HIGH · Gitea 3D file viewer allows stored XSS through glTF extensionsRequired
CVE-2026-26231 · 8.5 HIGH · Gitea maintainer-edit permissions allow unauthorized commits to readable repositories
CVE-2026-28699 · 8.1 HIGH · Gitea Basic Auth bypasses OAuth2 access token scopes
CVE-2026-28744 · 8.1 HIGH · Gitea Git smart HTTP bypasses repository token scopes for bearer tokens
CVE-2026-58423 · 7.7 HIGH · LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to pr
CVE-2026-28740 · 7.1 HIGH · Gitea LFS object reuse bypasses Code-unit authorization
CVE-2026-20779 · 7.1 HIGH · Gitea TOTP single-use enforcement defect allows OTP replay
CVE-2026-58418 · 6.5 MEDIUM · SSRF via HTTP Redirect in Repository Migration
CVE-2026-27783 · 4.3 MEDIUM · Gitea issue-template APIs bypass repository unit authorization
CVE-2026-27761 · 4.3 MEDIUM · Gitea repository feeds bypass API token scope enforcement
CVE-2026-25714 · 4.3 MEDIUM · Gitea user organization API bypasses public-only token filtering
CVE-2026-20706 · Gitea repository archive downloads bypass token scope checks
CVE-2026-20909 · Gitea tracked-time list endpoint has insufficient permission checks
CVE-2026-58421 · Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service
CVE-2026-58419 · Notification API leaks private issue metadata after access revocation
CVE-2026-28705 · Gitea repository dumps write release assets using unsafe path names

Showing top 20 of 40 CVEs.

IV. Related Vulnerabilities

V. Comments for CVE-2026-22555

No comments yet
