CVE-2026-20736
🔴 HIGHGitea does not properly verify repository context when deleting attachments. A user who previously uploaded an attachment to a repository may be able to delete it after losing access to that repositor...
Description
Request Expert ReviewGitea does not properly verify repository context when deleting attachments. A user who previously uploaded an attachment to a repository may be able to delete it after losing access to that repository by making the request through a different repository they can access.
Affected Products (1)
CVSS Scores
References
Additional Information
- Source
- 88ee5874-cf24-4952-aea0-31affedb7ff2
- State
- Analyzed
Related CVEs
CVE-2026-2215
LOWA vulnerability was detected in rachelos WeRSS we-mp-rss up to 1.4.8. This issue affects some unknown processing of the file core/auth.py of the compo...
CVE-2026-2214
LOWA weakness has been identified in code-projects for Plugin 1.0. This affects an unknown part of the file /Administrator/PHP/AdminAddAlbum.php. This ma...
CVE-2026-2213
MEDIUMA security flaw has been discovered in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the file /Administ...
CVE-2026-1615
CRITICALAll versions of the package jsonpath are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The libr...
CVE-2026-2212
HIGHA vulnerability was identified in code-projects Online Music Site 1.0. Affected by this vulnerability is an unknown functionality of the file /Adminis...
CVE-2026-2211
HIGHA vulnerability was determined in code-projects Online Music Site 1.0. Affected is an unknown function of the file /Administrator/PHP/AdminDeleteCateg...
Share CVE-2026-20736
Share on Social Media
Copy Link
Embed Code
Request Expert Analysis
Request a professional security analysis for CVE-2026-20736 from our verified experts.
Credits System
Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!