Threat actors are exploiting CVE-2026-20896 in Gitea’s reverse-proxy authentication to access internet-exposed instances with only a valid username and one HTTP header. The flaw affects Gitea Docker images before 1.26.3 and can lead to full compromise of repositories, secrets, and CI/CD assets. #Gitea #CVE-2026-20896
Keypoints
- Attackers can bypass Gitea authentication using a single HTTP header.
- The flaw affects Gitea Docker images before version 1.26.3.
- CVE-2026-20896 has a critical CVSS score of 9.8.
- The vulnerability is tied to reverse-proxy authentication trust issues.
- Exploitation could expose repositories, secrets, and admin accounts.
Read More: https://www.securityweek.com/critical-gitea-flaw-under-active-exploitation-researchers-warn/