CVE-2026-20896 lets reachable Gitea Docker containers trust spoofed X-WEBAUTH-USER headers when reverse proxy auth is enabled ...
If your team runs a self-hosted Gitea instance with the built-in container registry turned on, there is a real chance that every private container image you have stored has been accessible to the open ...
A critical vulnerability in Gitea, the widely used open-source self-hosted Git platform, silently allowed any person on the internet to pull private container images from affected instances — no ...
For close to four years, a default configuration in Gitea’s built-in container registry has allowed anyone on the internet to pull private container images from exposed instances without ...