Vendor
Gitea
Vulnerabilities and advisories affecting Gitea, the self-hosted Git service, including its official Docker images.
Articles
gitea
Gitea Docker Auth Bypass: Patch 1.26.4, CSA Confirms
Sysdig confirms the first in-the-wild hit on Gitea Docker CVE-2026-20896; Singapore CSA now warns customers; 1.26.3 shipped with a regression, so run 1.26.4.
read →

gitea
Gitea Docker's Auth Bypass: Probing Already Underway
The Gitea Docker image up through 1.26.2 shipped a wildcard reverse-proxy trusted list, collapsing auth to a header. Fixed in 1.26.3. The Hacker News reports opportunistic scanning 13 days after disclosure; ~6,200 exposed instances.
read →