Critical Gitea Flaw Under Active Exploitation, Researchers Warn

Critical Gitea Flaw Under Active Exploitation, Researchers Warn
Threat actors are exploiting CVE-2026-20896 in Gitea’s reverse-proxy authentication to access internet-exposed instances with only a valid username and one HTTP header. The flaw affects Gitea Docker images before 1.26.3 and can lead to full compromise of repositories, secrets, and CI/CD assets. #Gitea #CVE-2026-20896

Keypoints

  • Attackers can bypass Gitea authentication using a single HTTP header.
  • The flaw affects Gitea Docker images before version 1.26.3.
  • CVE-2026-20896 has a critical CVSS score of 9.8.
  • The vulnerability is tied to reverse-proxy authentication trust issues.
  • Exploitation could expose repositories, secrets, and admin accounts.

Read More: https://www.securityweek.com/critical-gitea-flaw-under-active-exploitation-researchers-warn/