A vulnerability described as critical has been identified in Gitea up to 1.25.4. The affected element is an unknown function of the component Pull Request Handler. The manipulation results in improper access controls.
This vulnerability is identified as CVE-2026-24690. The attack can be executed remotely. There is not any exploit available.
Upgrading the affected component is recommended.