CVE-2026-27771

CVE-2026-27771CVE-2026-27771

Description

Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information.

Scoring

CVSS 8.2 ()
VectorCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Last modified2026-07-03
Sourced from NVD. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.