Back to search
CVE-2026-0798
Published: Jan 22, 2026
Modified: Jan 23, 2026
PUBLISHED
Description
Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the repository may continue to receive release notifications, potentially disclosing release titles, tags, and content.
| Vendor | Product | Versions |
|---|---|---|
Gitea | Gitea Open Source Git Server | affected 0 - <= 1.25.3 |
Weaknesses (CWE)
References
GitHub Security Advisory
vendor-advisory
Gitea v1.25.4 Release
release-notes
Gitea v1.25.4 Release Blog Post
release-notes
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now