What the vulnerability does
01Description
In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request.
CVSS base score
3.1/10
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Key dates
02Disclosure timeline
December 26, 2025
CVE published
December 26, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2026-43913 Vaultwarden: Unconfirmed Owner Can Purge Entire Organization Vault
CVE-2021-24947 RVM - Responsive Vector Maps < 6.4.2 - Subscriber+ Arbitrary File Read
CVE-2024-23929 Pioneer DMH-WT7600NEX Telematics Directory Traversal
CVE-2024-7457 macOS Stash network-management utility: Unauthorized Manipulation of System Network Preferences
CVE-2026-23572 Improper Access Control in TeamViewer clients
