Find notable cyber news and cases, enriched with sources, timelines, and signals.

Gitea Docker images security update (CVE-2026-20896)

Security Patch Release
First reported
Last updated
Happening score
H score 51
1 unique sources, 1 articles

Summary

Hide ▲

Gitea released version 1.26.3 to fix CVE-2026-20896, closing a critical authentication-bypass risk in Gitea Docker images. The update removed the default **"*" wildcard trust and made reverse-proxy authentication opt-in. The affected release range covered versions before and including 1.26.2**, so exposed deployments needed prompt upgrading.

Related Happenings

Avada Builder 3.15.3 patch release (CVE-2026-4782, CVE-2026-4798)

Security Patch Release
H score21 First: 15.05.2026 18:56 Last: 15.05.2026 18:56 Sources 1

About this happening: **Avada Builder** shipped **version 3.15.3** as the full fix for **CVE-2026-4782** and **CVE-2026-4798**, closing the plugin flaws that could expose files and database data. A pri...

GitHub CVE-2026-3854 security patch release

Security Patch Release
H score34 First: 29.04.2026 15:41 Last: 29.04.2026 15:41 Sources 1

About this happening: **GitHub** released **security fixes** for **CVE-2026-3854**, patching **GitHub.com** and supported **GitHub Enterprise Server** builds after a critical **remote code execution**...

Nginx-ui 2.3.4 patch for CVE-2026-33032

Security Patch Release
H score60 First: 15.04.2026 16:00 Last: 15.04.2026 16:00 Sources 1

About this happening: **nginx-ui maintainers** shipped **version 2.3.4** to fix **CVE-2026-33032**, closing a critical security gap for **MCP-enabled** deployments. The patch matters because the flaw c...

Latest development: 15.04.2026 17:45

After Pluto Security disclosed the issue in **March 2026**, the maintainers shipped **version 2.3.4** to address **CVE-2026-33032**. The patch closed the vulnerability in the product's **AI (MCP) integration** before broader exploitation details were reported.

Progress security patch release for CVE-2026-2699

Security Patch Release
H score68 First: 02.04.2026 16:33 Last: 02.04.2026 16:33 Sources 1

About this happening: **Progress** released **ShareFile 5.12.4** on **March 10** to fix **CVE-2026-2699** and **CVE-2026-2701** in the **Storage Zones Controller (SZC)** for **branch 5.x**. The update...

Elementor Ally 4.1.0 security patch release (CVE-2026-2313)

Security Patch Release
H score59 First: 11.03.2026 21:38 Last: 11.03.2026 21:38 Sources 1

About this happening: **Elementor** released **Ally 4.1.0** to fix **CVE-2026-2313**, a **SQL injection** flaw in the WordPress accessibility plugin that could expose **sensitive data**. The update lan...

Timeline

  1. 06.07.2026 19:28 2 articles · 3d ago

    Gitea Docker images security update (CVE-2026-20896)

    Initial Disclosure

    Gitea's **1.26.3** release replaced the default wildcard trust setting in its Docker image template and shifted reverse-proxy authentication to opt-in. That change addressed **CVE-2026-20896** for **Gitea Docker images** before and including **1.26.2**.

    Show sources