[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"focus:critical-gitea-flaw-under-active-exploitation-researchers-warn-mrct2cqg":3},{"item":4},{"id":5,"title":6,"slug":7,"summary":8,"severity":9,"category":10,"cve_ids":11,"affected_products":13,"action_required":16,"article_ids":17,"ioc_summary":19,"source_urls":20,"status":22,"expires_at":23,"created_at":24,"updated_at":24,"articles":25},"cfb3cc64-9090-49b7-8be8-927280a12a20","Critical Gitea Flaw Under Active Exploitation, Researchers Warn","critical-gitea-flaw-under-active-exploitation-researchers-warn-mrct2cqg","Critical vulnerability CVE-2026-20896 in Gitea's reverse-proxy authentication is under active exploitation. Attackers bypass authentication by spoofing a single HTTP header to gain unauthorized access to repositories and secrets. Gitea Docker images prior to version 1.26.3 are vulnerable due to default misconfiguration.","critical","advisory",[12],"CVE-2026-20896",[14,15],"Gitea","Docker images","Immediately inventory all Gitea instances. Upgrade Docker images to version 1.26.3 or later. For instances behind proxies running older versions, disable reverse-proxy authentication or implement strict source IP allowlisting. Hunt for unauthorized repository access and credential exfiltration in logs.",[18],"72040aa8-4502-4a98-b0b4-ca9f96842573",null,[21],"https:\u002F\u002Fwww.securityweek.com\u002Fcritical-gitea-flaw-under-active-exploitation-researchers-warn\u002F","active","2026-07-11T01:05:41.035+00:00","2026-07-09T01:05:46.049687+00:00",[26],{"id":18,"title":6,"url":21}]