{"uuid": "1b352c32-b1f7-4695-be14-6183dfe490a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20896", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116882828726974974", "content": "CRITICAL: Gitea Docker (&lt;1.26.3) is vulnerable to auth bypass (CVE-2026-20896) \u2014 attackers can access repos &amp; secrets by spoofing a username header. Actively exploited! Patch to 1.26.3+ &amp; restrict access now. https://radar.offseq.com/threat/critical-gitea-flaw-under-active-exploitation-rese-c58d67a324be5e40 #OffSeq #Gitea #Vuln #Infosec", "creation_timestamp": "2026-07-08T06:00:29.500188Z"}