CVE-2026-0798

low

Red Hat

CVSS v3 Base Score

3.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Published: January 22, 2026

Last Modified: January 22, 2026

Vendor: Red Hat

Description

Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the repository may continue to receive release notifications, potentially disclosing release titles, tags, and content.

CWE

CWE-497

Affected Products

OpenShift Pipelines

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 blog.gitea.com 🔗 github.com

CVE-2026-0798

Vulnerability Report

Description

CWE

Affected Products

References