Gitea private container image exposure security flaw (CVE-2026-27771)
Vulnerability
Summary
Researchers disclosed CVE-2026-27771 in Gitea, a flaw that let unauthenticated remote attackers pull private container images from affected deployments. The issue affects all versions prior to 1.26.2, which fixes the bug. The reported footprint spans more than 30,000 deployments across 30+ countries. Operators can upgrade to 1.26.2 or apply [service].REQUIRE_SIGNIN_VIEW=true as a temporary workaround.
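To triage a deployment against the two remediation paths named above, the following added example (not code from the advisory, the researchers, or the Gitea project) classifies an instance from its version string and the text of its `app.ini` configuration file. The function names and the sample configuration are constructed for illustration; matching the section name case-insensitively and ranking `-rc` builds below their final release are assumptions.

```python
import configparser
import re

FIXED = (1, 26, 2, 1)  # 1.26.2 final, the fixed release named above

def parse_version(text):
    """'v1.26.1' -> (1, 26, 1, 1); a '-rc' build sorts below its final release."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)(-rc\d*)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return (int(m[1]), int(m[2]), int(m[3]), 0 if m[4] else 1)

def signin_view_required(app_ini_text):
    """True only when [service] REQUIRE_SIGNIN_VIEW is the literal value true."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True,
                                   inline_comment_prefixes=(";", "#"))
    # app.ini can hold keys before the first section header; configparser
    # rejects those, so park them under a dummy section.
    cp.read_string("[__global__]\n" + app_ini_text)
    for section in cp.sections():
        if section.lower() == "service":
            value = cp.get(section, "REQUIRE_SIGNIN_VIEW", fallback=None)
            return (value or "").strip().lower() == "true"
    return False

def assess(version_text, app_ini_text):
    """Classify one deployment as 'patched', 'workaround' or 'exposed'."""
    if parse_version(version_text) >= FIXED:
        return "patched"
    if signin_view_required(app_ini_text):
        return "workaround"
    return "exposed"

# Constructed sample configuration, not taken from any real deployment.
SAMPLE_INI = """\
APP_NAME = Example Forge
RUN_MODE = prod

[server]
DOMAIN = git.example.internal

[service]
DISABLE_REGISTRATION = true
REQUIRE_SIGNIN_VIEW = false
"""

if __name__ == "__main__":
    print(assess("1.26.1", SAMPLE_INI))
```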
Timeline
- 27.05.2026 13:06
Noscope discloses Gitea flaw that exposes private container images
Initial Disclosure: Noscope disclosed CVE-2026-27771 in Gitea, a flaw that let unauthenticated remote attackers pull private container images from affected deployments without an account, password, or other credentials. The issue affects all versions prior to 1.26.2, may span more than 30,000 deployments across over 30 countries, and has also been confirmed in Forgejo; Gitea users are advised to upgrade to 1.26.2 or use [service].REQUIRE_SIGNIN_VIEW=true as a temporary workaround.
Sources:
- Gitea Vulnerability Exposes Private Container Images without Authentication — thehackernews.com — 27.05.2026 13:06