CVE-2026-20706
No CVSS score published
Source data as of:
At a glance
- Severity
- No CVSS score published
- CVSS
- No CVSS score in the NVD record
- EPSS
- EPSS not provided by FIRST.org for this CVE
- CISA KEV
- No
- Published
- 2026-07-03 · Modified: 2026-07-03
- References
- Jump to references (4)
CVSS / EPSS / KEV
Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources
Description
Gitea versions up to and including 1.26.1 allow repository archive downloads to bypass token scope checks on the web archive download endpoint.
References
Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.