{"vulnerability": "cve-2026-20896", "sightings": [{"uuid": "62813ac8-aa84-459e-b470-7221608a9c68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-20896", "type": "seen", "source": "https://bsky.app/profile/thecybersecguru.com/post/3mp65jcs6sh27", "content": "Three Vulnerabilities, One Platform: Why Your Self-Hosted Gitea/Gogs Instance Is Probably Already\u00a0Owned\n\nThree critical Gitea and Gogs CVEs disclosed in 2026: a CVSS 9.8 auth bypass via X-WEBAUTH-USER header,\u2026\n\nhttps://thecybersecguru.com/news/cve-2026-20896-gitea-authentication-bypass-dom-xss-ssrf/", "creation_timestamp": "2026-06-26T04:52:06.315766Z"}, {"uuid": "fc8bee44-ecb4-4692-a320-a34f4b558312", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20896", "type": "seen", "source": "https://bsky.app/profile/shiojiri.com/post/3mpidt76pcsbr", "content": "\u533f\u540d\u306e\u7814\u7a76\u8005\u304c\u30bc\u30ed\u30c7\u30a4\u6570\u4ef6\u3092GitHub\u30ea\u30dd\u30b8\u30c8\u30ea\u3067\u516c\u958b\uff08CVE-2026-55200\u3001CVE-2026-20896\uff09 | Codebook\uff5cSecurity News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/46394/", "creation_timestamp": "2026-06-30T06:11:34.296661Z"}, {"uuid": "672973c2-2cc6-42ad-882c-039e474f5a47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20896", "type": "seen", "source": "https://bsky.app/profile/potato.software/post/3mpidta6bgb2n", "content": "\u533f\u540d\u306e\u7814\u7a76\u8005\u304c\u30bc\u30ed\u30c7\u30a4\u6570\u4ef6\u3092GitHub\u30ea\u30dd\u30b8\u30c8\u30ea\u3067\u516c\u958b\uff08CVE-2026-55200\u3001CVE-2026-20896\uff09 | Codebook\uff5cSecurity News https://codebook.machinarecord.com/threatreport/silobreaker-potato-alert/46394/", "creation_timestamp": "2026-06-30T06:11:36.036527Z"}, {"uuid": "c068d707-8172-41f5-9b49-d04721662b22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20896", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mprkvjpwpw2x", "content": "CVE-2026-20896 - gitea open source git server\nGitea's Docker image has a security setting that allows anyone to pretend to be a user when using certain reverse-proxy authentication headers. This is a concern because it\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#gitea #CVE #infosec", "creation_timestamp": "2026-07-03T22:12:05.560700Z"}, {"uuid": "4a3f4580-eddd-4df0-9f29-1c8d4e7238d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20896", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mpv7wdllhg2p", "content": "CVE-2026-20896 - Critical auth bypass in Gitea Docker images \u22641.26.2. Default REVERSE_PROXY_TRUSTED_PROXIES=* allows IP spoofing via X-WEBAUTH-USER headers. CVSS 9.8. No patch available. Update config now. #CVE #Gitea #infosec\n\nhttps://www.valtersit.com/cve/CVE-2026-20896/", "creation_timestamp": "2026-07-05T09:06:20.854926Z"}, {"uuid": "ca843669-58f4-4ca7-9201-8299e4fc9abe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20896", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mpwhtesstw2e", "content": "\ud83d\udd34 CVE-2026-20896 - Critical (9.8)\n\nGitea Docker image versions up to and including 1.26.2 use REVERSE_PROXY_TRUSTED_PROXIES=* by def...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-20896/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-07-05T21:00:31.349197Z"}, {"uuid": "f599afe7-03ef-42b4-a6a5-fb45c4ec88d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20896", "type": "seen", "source": "https://bsky.app/profile/infosecbriefly.bsky.social/post/3mpym3e6xsa2p", "content": "Threat actors attempt to exploit CVE-2026-20896 in Gitea Docker images by abusing trusted reverse-proxy authentication via the X-WEBAUTH-USER header.\n", "creation_timestamp": "2026-07-06T17:21:53.550435Z"}, {"uuid": "71ae1653-92fb-4fd9-9a3d-46be2804dba8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20896", "type": "seen", "source": "https://bsky.app/profile/hapsis.bsky.social/post/3mpyquy64dk2n", "content": "Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure\n\nthehackernews.com/2026/07/thre...\n\n#Cybersecurity #ThreatIntel #Vulnerability", "creation_timestamp": "2026-07-06T18:48:11.058488Z"}, {"uuid": "69d0eb7e-5e88-4822-8694-43cec8625307", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20896", "type": "seen", "source": "https://bsky.app/profile/thedailytechfeed.com/post/3mpyjmjuh2f24", "content": "Threat actors probe Gitea Docker flaw CVE-2026-20896; update to version 1.26.3 immediately. #Gitea #Docker #CVE202620896 #CyberSecurity #DevOps #ContainerSecurity #Sysdig thedailytechfeed.com/threat-actor...", "creation_timestamp": "2026-07-06T16:37:48.940283Z"}, {"uuid": "77936aba-b592-470f-b3d0-d8ee5d3eafa8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20896", "type": "seen", "source": "https://bsky.app/profile/happeningnow.news/post/3mpymmfpqcp2s", "content": "Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure\nThreat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig. The vulnerability in question is\u2026\n\n\ud83d\udd17 https://hnow.live/a/54e7dfd1", "creation_timestamp": "2026-07-06T17:31:26.339917Z"}, {"uuid": "0c39f5d1-fc43-4495-913d-10a503439e4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20896", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mpynfgf3qn2w", "content": "Threat actors are probing Gitea Docker CVE-2026-20896, where trusted X-WEBAUTH-USER headers could enable user impersonation. Affects images through 1.26.2; fixed in 1.26.3. #Gitea #CVE-2026-20896 #Sysdig", "creation_timestamp": "2026-07-06T17:45:25.477030Z"}, {"uuid": "8dbb2c57-3add-4c81-a466-bf3a48e85381", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20896", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mpynjni2522p", "content": "CVE-2026-20896: Threat Actors Probing Gitea Docker Flaw Just 13 Days Post-Disclosure #CVE #Gitea #Docker", "creation_timestamp": "2026-07-06T17:47:46.826896Z"}, {"uuid": "81621d94-49ea-4b04-84fd-d4c1a8c78f9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20896", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mpynjscrlz2v", "content": "CVE-2026-20896: Gitea's Critical Docker Flaw Ignites Immediate Attacker Interest #CVE202620896 #Gitea #Docker", "creation_timestamp": "2026-07-06T17:47:51.999147Z"}, {"uuid": "de01c308-d3bf-4c7b-b904-595ee9f6b0fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20896", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mpynjw3voa26", "content": "CVE-2026-20896: Quick Probes on Gitea Docker Flaw Raise Alarms #CVE2026 #Gitea #DockerSecurity", "creation_timestamp": "2026-07-06T17:47:55.730040Z"}, {"uuid": "51c2c8d5-548c-45ec-aa3f-42391f54e4a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20896", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mpynjzcgtb2v", "content": "CVE-2026-20896: Gitea Docker's Flawed Trust Model Exposes Users to Attacks #CVE202620896 #Gitea #DockerSecurity", "creation_timestamp": "2026-07-06T17:47:59.446838Z"}, {"uuid": "2856693d-163a-4f6f-9921-79903909f8ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20896", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mpynocazyj2v", "content": "CVE-2026-20896: Attackers Probing Gitea Docker Flaw Raising Eyebrows #CyberSecurity #CVE2026 #Gitea", "creation_timestamp": "2026-07-06T17:50:23.453041Z"}, {"uuid": "84782018-f928-4998-8a36-765624c27819", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20896", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mpynofl34f2k", "content": "CVE-2026-20896: Are Threat Actors Exploiting Gitea Flaws Too Soon? #CVE202620896 #GiteaSecurity #ThreatActors", "creation_timestamp": "2026-07-06T17:50:26.511200Z"}, {"uuid": "e205fcc4-3389-4c69-b45d-bebf48c37fad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20896", "type": "seen", "source": "https://bsky.app/profile/cybersecurity0001.bsky.social/post/3mpynoifcex2v", "content": "Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure", "creation_timestamp": "2026-07-06T17:50:29.501152Z"}, {"uuid": "7c1446c0-6b50-46f1-8410-31bee4a6ae60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20896", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mpyowhw5i32x", "content": "Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure", "creation_timestamp": "2026-07-06T18:12:50.833036Z"}, {"uuid": "e89b442e-1e5f-4538-8224-70fb6e494caa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20896", "type": "seen", "source": "https://bsky.app/profile/suriq.io/post/3mpyqphtlhf2i", "content": "Gitea's official Docker image trusts the X-WEBAUTH-USER login header from any IP, so with reverse-proxy auth on, anyone reachable can log in as any user, no password.\n\nAffects images through 1.26.2. Fix: upgrade to 1.26.3. (CVE-2026-20896)", "creation_timestamp": "2026-07-06T18:44:43.380456Z"}, {"uuid": "b773791e-44e3-496f-818f-552c3a53527d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20896", "type": "seen", "source": "https://thehackernews.com/2026/07/threat-actors-probe-gitea-docker-flaw.html", "content": "Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig.\n\nThe vulnerability in question is CVE-2026-20896 (CVSS score: 9.8), a vulnerability that stems from the DevOps platform trusting the \"X-WEBAUTH-USER\" header from any source IP address, effectively allowing an unauthenticated internet client to get elevated", "creation_timestamp": "2026-07-06T19:00:42.499529Z"}, {"uuid": "03023146-be47-4246-bdf3-fd4a02659e29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-20896", "type": "seen", "source": "https://bsky.app/profile/blindthoughts.bsky.social/post/3mpyvtlmep32k", "content": "Active Exploitation: Patch CVE-2026-20896 in Gitea Docker Now (CVSS 9.8)\n\nhttps://blindthoughts.com/cve-2026-20896-gitea-docker-active-exploitation\n\n#vulnerability #gitea #docker #cve #activeexploitation", "creation_timestamp": "2026-07-06T20:16:29.915258Z"}, {"uuid": "793f96a2-2a7c-4386-ab8a-00fc63042ca8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20896", "type": "seen", "source": "https://bsky.app/profile/newssecia.bsky.social/post/3mpyyqnac3b2j", "content": "\ud83e\udd16 CVE-2026-20896 (CVSS 9.8): Critical Gitea Docker flaw \u2014 unauthenticated RCE via X-WEBAUTH-USER header spoofing. Active exploitation detected.\n\nhttps://thehackernews.com/2026/07/threat-actors-probe-gitea-docker-flaw.html", "creation_timestamp": "2026-07-06T21:08:32.065365Z"}, {"uuid": "5c53ee2a-dc3c-45fb-a90c-37c2fe9d82dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20896", "type": "seen", "source": "https://bsky.app/profile/sleepydogtsjp.bsky.social/post/3mpz2kitryc2r", "content": "Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure\nthehackernews.com/2026/07/thre...", "creation_timestamp": "2026-07-06T21:40:55.805381Z"}, {"uuid": "479f1e17-4c9f-4a4b-bf6c-1ebddbb13dee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20896", "type": "seen", "source": "https://bsky.app/profile/kitafox.bsky.social/post/3mpz4ri2krg2b", "content": "\u8105\u5a01\u30a2\u30af\u30bf\u30fc\u304cGitea\u306eDocker\u8106\u5f31\u6027CVE-2026-20896\u3092\u8abf\u67fb\uff08\u516c\u958b\u304b\u308913\u65e5\u5f8c\uff09 \n\nThreat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure  #HackerNews (Jul 6)\n\nthehackernews.com/2026/07/thre...", "creation_timestamp": "2026-07-06T22:20:36.242482Z"}, {"uuid": "53b1c07f-c037-4bc5-9e60-10dbd0b30767", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20896", "type": "seen", "source": "https://bsky.app/profile/crustytldr.bsky.social/post/3mpz3q4byjv2l", "content": "\ud83d\udcf0 Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure\n\nThreat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker i...\n\nhttps://tinyurl.com/2demjwlz #TechNews #CrustyTLDR", "creation_timestamp": "2026-07-06T22:01:55.624608Z"}, {"uuid": "dbafe40f-a96f-4d80-81df-4189c9b6c725", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20896", "type": "seen", "source": "https://bsky.app/profile/iberianm.bsky.social/post/3mpzpr7kl4q2m", "content": "Gitea Docker flaw CVE-2026-20896: attackers probe the patched issue quickly. Defenders should upgrade Gitea images to the fixed version and verify X-WEBAUTH handling. #Cybersecurity #Vulnerability #ThreatIntel\n\nSource: https://thehackernews.com/2026/07/threat-actors-probe-gitea-docker-flaw.html", "creation_timestamp": "2026-07-07T04:00:27.815740Z"}, {"uuid": "edc88acb-c4b1-4793-8ca2-9c6b63781557", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20896", "type": "seen", "source": "https://thehackernews.com/2026/07/threat-actors-probe-gitea-docker-flaw.html", "content": "Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig.\n\nThe vulnerability in question is CVE-2026-20896 (CVSS score: 9.8), a vulnerability that stems from the DevOps platform trusting the \"X-WEBAUTH-USER\" header from any source IP address, effectively allowing an unauthenticated internet client to get elevated", "creation_timestamp": "2026-07-07T01:00:43.011535Z"}, {"uuid": "1bc2b1c3-4021-48c1-81f4-1f5925d95b45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20896", "type": "seen", "source": "https://bsky.app/profile/ninjaowl.ai/post/3mpzou6injh2q", "content": "Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...", "creation_timestamp": "2026-07-07T03:44:13.678490Z"}, {"uuid": "3193eb4a-e861-4e49-8dba-6e8ad0542c47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20896", "type": "seen", "source": "https://bsky.app/profile/reconbee.bsky.social/post/3mq2qiha23s25", "content": "Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure reconbee.com/threat-actor...\n\n#cyberthreats #Giteadockerflaw #probe #cybersecurity #cyberattack", "creation_timestamp": "2026-07-07T13:46:10.900691Z"}, {"uuid": "9e3c79cd-e3d2-4ffc-92eb-c3801c5cf498", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20896", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mq34u5qnff2h", "content": "Gitea\u306e\u91cd\u5927\u306a\u8106\u5f31\u6027\u3001\u5b9f\u969b\u306b\u60aa\u7528\u304c\u78ba\u8a8d\u3055\u308c\u308b\u2015\u2015\u7814\u7a76\u8005\u3089\u304c\u8b66\u544a\n\n\u8105\u5a01\u30a2\u30af\u30bf\u30fc\u3089\u306f\u3001Gitea\u306e\u30ea\u30d0\u30fc\u30b9\u30d7\u30ed\u30ad\u30b7\u8a8d\u8a3c\u6a5f\u69cb\u306b\u5b58\u5728\u3059\u308b\u8106\u5f31\u6027\u3092\u60aa\u7528\u3057\u3001\u6709\u52b9\u306a\u30e6\u30fc\u30b6\u30fc\u540d\u3092\u4e00\u3064\u6307\u5b9a\u3059\u308b\u3060\u3051\u3067\u3001\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u304b\u3089\u30a2\u30af\u30bb\u30b9\u53ef\u80fd\u306a\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u306b\u4fb5\u5165\u3057\u3066\u3044\u307e\u3059\u3002 \u3053\u306e\u91cd\u5927\u306a\u8106\u5f31\u6027\u306fGitea\u306e\u516c\u5f0fDocker\u30a4\u30e1\u30fc\u30b8\u306b\u56fa\u6709\u306e\u3082\u306e\u3067\u3001CVE-2026-20896\uff08CVSS\u30b9\u30b3\u30a29.8\uff09\u3068\u3057\u3066\u8ffd\u8de1\u3055\u308c", "creation_timestamp": "2026-07-07T17:27:24.624022Z"}, {"uuid": "d6b43c8e-e4e1-4963-9c3c-4c189ad75d00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20896", "type": "seen", "source": "https://infosec.exchange/users/DarkWebInformer/statuses/116879910895582885", "content": "\ud83d\udea8 Critical Gitea flaw CVE-2026-20896 is being probed in the wild\nResearchers warn that attackers are targeting a critical Gitea Docker image flaw that can allow authentication bypass with a single HTTP header.\nThe issue affects official Gitea Docker images up to 1.26.2 when reverse-proxy authentication is enabled.\nThe vulnerable default trusted any source IP as a reverse proxy, meaning an attacker who could reach the container\u2019s HTTP port could spoof X-WEBAUTH-USER and impersonate a known or guessable user.\nGitea patched the issue in 1.26.3 / 1.26.4, and a public PoC/checker is now available.\nSysdig says the first in-the-wild probing was seen 13 days after disclosure.\nObserved IP: 159[.]26[.]98[.]241", "creation_timestamp": "2026-07-07T17:38:26.634669Z"}, {"uuid": "c2729baf-f62b-4f67-a0dd-d988d6ea66d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20896", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mq35lpurkk2a", "content": "Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure\n\nThreat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig.\n\nThe vulnerability in question is CVE-2026-20896 (CVSS score\u2026\n#hackernews #news", "creation_timestamp": "2026-07-07T17:40:35.826520Z"}]}