{"uuid": "86fe0ab4-53c3-4e98-a22b-1f3c7484284a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20896", "type": "exploited", "source": "https://t.me/thehackernews/9422", "content": "\ud83d\udea8 CVE-2026-20896 saw its first in-the-wild attempt 13 days after disclosure.\n\nThe Gitea Docker flaw lets reachable containers trust spoofed X-WEBAUTH-USER headers when reverse proxy auth is enabled.\n\nSee which setups are exposed and where the probe stopped: https://thehackernews.com/2026/07/threat-actors-probe-gitea-docker-flaw.html", "creation_timestamp": "2026-07-16T00:00:19.731481Z"}