Gitea 1.26.2 allows fork synchronization to continue after a parent repository changes from public to private, exposing data to a fork that should no longer be authorized.
{
"cna_assigner": "Gitea",
"cwe_ids": [
"CWE-200",
"CWE-284"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/24xxx/CVE-2026-24451.json"
}