{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T03:23:33.613","vulnerabilities":[{"cve":{"id":"CVE-2026-20750","sourceIdentifier":"88ee5874-cf24-4952-aea0-31affedb7ff2","published":"2026-01-22T22:16:17.370","lastModified":"2026-01-29T21:48:07.563","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Gitea does not properly validate project ownership in organization project operations. A user with project write access in one organization may be able to modify projects belonging to a different organization."},{"lang":"es","value":"Gitea no valida correctamente la titularidad de los proyectos en las operaciones de proyectos de la organización. Un usuario con permisos de escritura en proyectos de una organización podría modificar proyectos pertenecientes a una organización diferente."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitea:gitea:*:*:*:*:*:-:*:*","versionEndExcluding":"1.25.4","matchCriteriaId":"DFCB7D74-331D-4582-AB41-113A25BE8FAA"}]}]}],"references":[{"url":"https://blog.gitea.com/release-of-1.25.4/","source":"88ee5874-cf24-4952-aea0-31affedb7ff2","tags":["Release Notes"]},{"url":"https://github.com/go-gitea/gitea/pull/36318","source":"88ee5874-cf24-4952-aea0-31affedb7ff2","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/go-gitea/gitea/pull/36373","source":"88ee5874-cf24-4952-aea0-31affedb7ff2","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/go-gitea/gitea/releases/tag/v1.25.4","source":"88ee5874-cf24-4952-aea0-31affedb7ff2","tags":["Release Notes"]},{"url":"https://github.com/go-gitea/gitea/security/advisories/GHSA-h4fh-pc4w-8w27","source":"88ee5874-cf24-4952-aea0-31affedb7ff2","tags":["Broken Link"]}]}}]}