Gitea 1.26.2 allows fork synchronization to continue after a parent repository changes from public to private, exposing data to a fork that should no longer be authorized.
History

Fri, 03 Jul 2026 20:45:00 +0000

Type Values Removed Values Added
Description Gitea 1.26.2 allows fork synchronization to continue after a parent repository changes from public to private, exposing data to a fork that should no longer be authorized.
Title Gitea fork synchronization can expose private parent repository data
Weaknesses CWE-200
CWE-284
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Gitea

Published:

Updated: 2026-07-03T20:19:31.362Z

Reserved: 2026-03-03T03:26:00.298Z

Link: CVE-2026-24451

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.