ГлавнаяУязвимости → CVE-2026-24451
7.5высокая

CVE-2026-24451

Описание

Gitea 1.26.2 allows fork synchronization to continue after a parent repository changes from public to private, exposing data to a fork that should no longer be authorized.

CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Источники
https://blog.gitea.com/release-of-1.26.3-and-1.26.4/https://github.com/go-gitea/gitea/pull/38151https://github.com/go-gitea/gitea/releases/tag/v1.26.3https://github.com/go-gitea/gitea/security/advisories/GHSA-wrf9-r3h7-7x5vhttps://github.com/go-gitea/gitea/security/advisories/GHSA-wrf9-r3h7-7x5v