A vulnerability, which was classified as problematic, has been found in Gitea up to 1.26.1. This impacts an unknown function of the component User Organization API. Performing a manipulation results in missing authorization.
This vulnerability is cataloged as CVE-2026-25714. It is possible to initiate the attack remotely. There is no exploit available.
It is advisable to upgrade the affected component.