Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
3134 articles · 172060 vulns · 37/41 feeds (7d)
← Back to list
9.1
CVE-2026-22547PATCHED
gitea · gitea open source git server

Gitea repository creation accepts invalid field values

Description

Gitea versions before 1.25.5 lack validation constraints for repository creation fields, including length-limited template fields and trust model or object format values.

Affected Products

VendorProductVersions
giteagitea open source git server0

Also Affects

Downstream vendors/products affected by this vulnerability

VendorProductSourceConfidence
open sourcegiteacert_advisory90%

References

  • https://github.com/go-gitea/gitea/pull/36671(patch)
  • https://github.com/go-gitea/gitea/pull/36757(patch)
  • https://github.com/go-gitea/gitea/releases/tag/v1.25.5(release-notes)
  • https://blog.gitea.com/release-of-1.25.5/(release-notes)

Related News (2 articles)

Tier B
BSI Advisories1d ago
[UPDATE] [mittel] Gitea: Mehrere Schwachstellen
→ No new info (linked only)
Tier C
VulDB3d ago
CVE-2026-22547 | Gitea up to 1.25.4 input validation
→ No new info (linked only)
CVSS 3.19.1 CRITICAL
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA KEV❌ No
Actively exploited❌ No
Patch available
1.25.5
CWECWE-20
PublishedJul 3, 2026
Last enriched3d agov2
Trending Score48
Source articles2
Independent2
Info Completeness8/14
Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

CRITICALCVE-2026-20896EXP
Gitea Docker image trusts spoofable reverse-proxy headers by default
Trending: 90
CRITICALCVE-2026-26247EXP
Gitea OAuth2 PKCE S256 challenges are not enforced during token exchange
Trending: 61
CRITICALCVE-2026-26292EXP
Gitea LFS mirror synchronization bypasses migration HTTP transport restrictions
Trending: 61
CRITICALCVE-2026-26232EXP
Gitea OAuth2 authorization codes lack expiry and reuse enforcement
Trending: 61
HIGHCVE-2026-27660EXP
Gitea draft releases use insufficient permission checks
Trending: 55

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jul 3, 2026
Discovered by ZDM
Jul 3, 2026
Updated: affectedVersions, severity
Jul 4, 2026
Patch Available
Jul 7, 2026

Version History

v2
Last enriched 3d ago
v2Tier C3d ago

Updated affected versions to include 1.25.4, changed severity to HIGH, and noted that no exploit exists.

affectedVersionsseverity
via VulDB
v14d ago

Initial creation