CVE-2026-0798

CVE-2026-0798: Gitea Release Email Notifications Leak Private Repository Release Details After Access Revocation

Vendor Gitea
Product Gitea Open Source Git Server
Weakness CWE-284
Published January 22, 2026
Last update January 23, 2026

CVSS base score

What the vulnerability does

01Description

Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the repository may continue to receive release notifications, potentially disclosing release titles, tags, and content.

Key dates

02Disclosure timeline

January 22, 2026 CVE published
January 23, 2026 Record updated