CVE-2026-20736 — Vulnetix

CVE-2026-20736 PUBLISHED

Gitea Web Attachment Deletion: Cross-Repository Unauthorized Deletion via Missing Repo Ownership Check

EPSS 0.02% · 4.7th percentile

Risk Scores

EPSS Score

0.02%

4.7th percentile

Affected Products

Vendor	Product	Versions
Bitnami	gitea	0, 0
Bitnami	gitea	0

Timeline

Jan 12, 2026 Fix PR Merged
Jan 22, 2026 CVE Published
Jan 22, 2026 PoC Published
Jan 23, 2026 CVE Updated
Jan 23, 2026 EPSS Score
Jan 24, 2026 PoC Published
Jan 24, 2026 PoC Published
Jan 26, 2026 EPSS Score
Jan 28, 2026 EPSS Score
Jan 31, 2026 EPSS Score
Feb 2, 2026 EPSS Score
Feb 5, 2026 EPSS Score

References

Open in Interactive Console →

$ Console Community · 100/wk Open console ›