CVE-2026-24451: CWE-200 in Gitea Open Source Git Server
Gitea version 1.26.2 contains a vulnerability where fork synchronization continues even after the parent repository's visibility changes from public to private. This behavior exposes data to forks that should no longer have access, leading to unauthorized information disclosure.
AI Analysis
Technical Summary
CVE-2026-24451 affects Gitea Open Source Git Server version 1.26.2. The vulnerability involves improper access control during fork synchronization: when a parent repository changes its visibility from public to private, the synchronization process does not halt, allowing forks to continue receiving updates and thus exposing data that should be restricted. This issue corresponds to CWE-200 (Information Exposure) and CWE-284 (Improper Access Control). No CVSS score or vendor patch information is currently available.
Potential Impact
The vulnerability allows unauthorized disclosure of repository data to forks that should no longer have access after the parent repository is made private. This could lead to sensitive information exposure to unauthorized parties. There is no indication of known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed; check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider restricting fork synchronization manually, or avoiding changing repository visibility from public to private while forks exist. Monitor official Gitea channels for updates and patches addressing this issue.
Technical Details
- Data Version: 5.2
- Assigner Short Name: Gitea
- Date Reserved: 2026-03-03T03:26:00.298Z
- CVSS Version: null
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a4820fb27e9c79719acbf35
Added to database: 07/03/2026, 20:52:11 UTC
Last enriched: 07/03/2026, 21:00:34 UTC
Last updated: 07/03/2026, 22:31:25 UTC