Vulnerability Description
Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the repository may continue to receive release notifications, potentially disclosing release titles, tags, and content.
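A simplified model of the flaw described above, as an added example (it is not Gitea's code or the patch from the referenced pull request; the `Repo` type and all function names are hypothetical). It contrasts trusting a stored watch list with re-checking read access at the moment a release notification is sent.

```go
package main

import (
	"fmt"
	"sort"
)

// Repo is a simplified, hypothetical model; it is not Gitea's data model.
type Repo struct {
	Private  bool
	Owner    string
	Readers  map[string]bool // users with current read access (collaborators, team members)
	Watchers []string        // watch subscriptions, possibly created while the repo was public
}

// canRead evaluates access at call time, not at the time the user subscribed.
func (r Repo) canRead(user string) bool {
	return !r.Private || user == r.Owner || r.Readers[user]
}

// recipientsUnchecked shows the flawed pattern: the watch list is trusted as-is.
func recipientsUnchecked(r Repo) []string {
	return append([]string(nil), r.Watchers...)
}

// recipientsChecked re-authorizes every watcher before a release mail is queued.
// It also returns the stale watchers so they can be unsubscribed and logged.
func recipientsChecked(r Repo) (allowed, stale []string) {
	for _, u := range r.Watchers {
		if r.canRead(u) {
			allowed = append(allowed, u)
		} else {
			stale = append(stale, u)
		}
	}
	sort.Strings(allowed)
	sort.Strings(stale)
	return allowed, stale
}

func main() {
	// Constructed sample: the repo was public, gained watchers, then became private.
	r := Repo{Private: true, Owner: "alice",
		Readers:  map[string]bool{"bob": true},
		Watchers: []string{"alice", "bob", "mallory", "carol"}}
	allowed, stale := recipientsChecked(r)
	fmt.Println("unchecked:", recipientsUnchecked(r))
	fmt.Println("checked:", allowed, "stale:", stale)
}
```

The `stale` list doubles as an audit result: any watcher in it on a private repository is a subscription that should be removed.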
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gitea | Gitea | < 1.25.4 |
Related Weaknesses (CWE)
References
- https://blog.gitea.com/release-of-1.25.4/ (Release Notes)
- https://github.com/go-gitea/gitea/pull/36319 (Issue Tracking, Patch)
- https://github.com/go-gitea/gitea/releases/tag/v1.25.4 (Release Notes)
- https://github.com/go-gitea/gitea/security/advisories/GHSA-f4wq-6ww5-m56p (Broken Link)
FAQ
What is CVE-2026-0798?
CVE-2026-0798 is a vulnerability with a CVSS score of 3.5 (LOW). Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the reposi...
How severe is CVE-2026-0798?
CVE-2026-0798 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-0798?
Check the references section above for vendor advisories and patch information. Affected products include: Gitea Gitea.