Home > Vulnerability Database > CVE-2026-0798

Mend.io Vulnerability Database

CVE-2026-0798

Good to know:

Date: January 22, 2026

Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the repository may continue to receive release notifications, potentially disclosing release titles, tags, and content.

Severity Score

3.5

Related Resources (9)

Url: https://github.com/go-gitea/gitea/pull/36319

Url: https://github.com/go-gitea/gitea/security/advisories/GHSA-f4wq-6ww5-m56p

Url: https://github.com/go-gitea/gitea/releases/tag/v1.25.4

Url: https://nvd.nist.gov/vuln/detail/CVE-2026-0798

Url: https://github.com/advisories/GHSA-8fwc-qjw5-rvgp

Url: https://blog.gitea.com/release-of-1.25.4/

Url: https://blog.gitea.com/release-of-1.25.4

Url: https://github.com/go-gitea/gitea

Url: https://www.mend.io/vulnerability-database/CVE-2026-0798

Severity Score

3.5

Weakness Type (CWE)

Improper Access Control

CWE-284

Top Fix

Upgrade Version

Upgrade to version github.com/go-gitea/gitea - v1.25.4;code.gitea.io/gitea - v1.25.4

Learn More

CVSS v3.1

Base Score:	3.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2026-0798

Good to know:

Date: January 22, 2026

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?