A critical vulnerability (CVE-2026-20896) has been identified in Gitea's Docker images, allowing attackers to bypass authentication with a single HTTP header, potentially exposing sensitive repositories and data. The flaw affects versions prior to 1.26.3 and has been actively exploited just days after its disclosure. Researchers from Sysdig noted the insecure default settings of Gitea's Docker images, which fail to restrict trusted proxy access, leading to easy impersonation of any user by sending a crafted header. Users are urged to update to versions 1.26.3 or 1.26.4 immediately to mitigate risks.
CVE-2026-20896: Gitea Docker flaw lets attackers bypass auth
CyberSIXT Evidence Panel
Article by CyberSIXT
Timeline Coverage
Swipe to explore timeline
-
CVE-2026-20896: Gitea Docker flaw lets attackers bypass auth
securityaffairs.com
-
Critical Gitea Flaw Under Active Exploitation, Researchers Warn
cybersixt.com
-
Attackers Exploit New Gitea Docker Bug CVE-2026-20896
cybersixt.com
-
Gitea auth flaw lets attackers hijack admin accounts via SSRF
cybersixt.com