CRITICALAdvisoryJul 09, 2026
Action required
Immediately inventory all Gitea instances. Upgrade Docker images to version 1.26.3 or later. For instances behind proxies running older versions, disable reverse-proxy authentication or implement strict source IP allowlisting. Hunt for unauthorized repository access and credential exfiltration in logs.
Affected products
GiteaDocker images
CVE IDs
Linked articles