www.securityweek.com 7/7/2026, 5:31:24 PM · external

Critical Gitea Flaw Under Active Exploitation, Researchers Warn

Critical Gitea Flaw Under Active Exploitation, Researchers Warn
Developing story vulnerability 3 articles tracked
Critical Gitea flaws (CVE-2026-20896, CVE-2026-22874) allow remote takeover
CyberSIXT Evidence Panel
Primary Source github.com
CVE Intel
CISA KEV Not in KEV
Patch Patch Available

THREAT actors are exploiting a vulnerability in Gitea's reverse-proxy authentication, identified as CVE-2026-20896, with a critical CVSS score of 9.8. This issue affects Gitea Docker images prior to version 1.26.3 and allows unauthorized access using only a valid username in an HTTP header, bypassing authentication. The vulnerability arises because Gitea defaults to allowing connections from any IP address instead of using an allowlist.

Exploitation began shortly after public disclosure, and users are urged to update their Gitea instances to prevent potential compromise of sensitive information. Following the vulnerability disclosure, around 6,200 Gitea instances were found to be internet-accessible.

View Primary Source Via www.securityweek.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline