Gitea Docker images security update (CVE-2026-20896)
Security Patch Release
Summary
Hide ▲
Show ▼
Gitea released version 1.26.3 to fix CVE-2026-20896, closing a critical authentication-bypass risk in Gitea Docker images. The update removed the default **"*" wildcard trust and made reverse-proxy authentication opt-in. The affected release range covered versions before and including 1.26.2**, so exposed deployments needed prompt upgrading.
Related Happenings
Avada Builder 3.15.3 patch release (CVE-2026-4782, CVE-2026-4798)
Security Patch Release
H score21
First: 15.05.2026 18:56
Last: 15.05.2026 18:56
Sources 1
About this happening:
**Avada Builder** shipped **version 3.15.3** as the full fix for **CVE-2026-4782** and **CVE-2026-4798**, closing the plugin flaws that could expose files and database data. A pri...
Avada Builder 3.15.3 patch release (CVE-2026-4782, CVE-2026-4798)
Security Patch ReleaseAbout this happening: **Avada Builder** shipped **version 3.15.3** as the full fix for **CVE-2026-4782** and **CVE-2026-4798**, closing the plugin flaws that could expose files and database data. A pri...
GitHub CVE-2026-3854 security patch release
Security Patch Release
H score34
First: 29.04.2026 15:41
Last: 29.04.2026 15:41
Sources 1
About this happening:
**GitHub** released **security fixes** for **CVE-2026-3854**, patching **GitHub.com** and supported **GitHub Enterprise Server** builds after a critical **remote code execution**...
GitHub CVE-2026-3854 security patch release
Security Patch ReleaseAbout this happening: **GitHub** released **security fixes** for **CVE-2026-3854**, patching **GitHub.com** and supported **GitHub Enterprise Server** builds after a critical **remote code execution**...
Nginx-ui 2.3.4 patch for CVE-2026-33032
Security Patch Release
H score60
First: 15.04.2026 16:00
Last: 15.04.2026 16:00
Sources 1
About this happening:
**nginx-ui maintainers** shipped **version 2.3.4** to fix **CVE-2026-33032**, closing a critical security gap for **MCP-enabled** deployments. The patch matters because the flaw c...
Nginx-ui 2.3.4 patch for CVE-2026-33032
Security Patch ReleaseAbout this happening: **nginx-ui maintainers** shipped **version 2.3.4** to fix **CVE-2026-33032**, closing a critical security gap for **MCP-enabled** deployments. The patch matters because the flaw c...
Latest development: 15.04.2026 17:45
After Pluto Security disclosed the issue in **March 2026**, the maintainers shipped **version 2.3.4** to address **CVE-2026-33032**. The patch closed the vulnerability in the product's **AI (MCP) integration** before broader exploitation details were reported.
Progress security patch release for CVE-2026-2699
Security Patch Release
H score68
First: 02.04.2026 16:33
Last: 02.04.2026 16:33
Sources 1
About this happening:
**Progress** released **ShareFile 5.12.4** on **March 10** to fix **CVE-2026-2699** and **CVE-2026-2701** in the **Storage Zones Controller (SZC)** for **branch 5.x**. The update...
Progress security patch release for CVE-2026-2699
Security Patch ReleaseAbout this happening: **Progress** released **ShareFile 5.12.4** on **March 10** to fix **CVE-2026-2699** and **CVE-2026-2701** in the **Storage Zones Controller (SZC)** for **branch 5.x**. The update...
Elementor Ally 4.1.0 security patch release (CVE-2026-2313)
Security Patch Release
H score59
First: 11.03.2026 21:38
Last: 11.03.2026 21:38
Sources 1
About this happening:
**Elementor** released **Ally 4.1.0** to fix **CVE-2026-2313**, a **SQL injection** flaw in the WordPress accessibility plugin that could expose **sensitive data**. The update lan...
Elementor Ally 4.1.0 security patch release (CVE-2026-2313)
Security Patch ReleaseAbout this happening: **Elementor** released **Ally 4.1.0** to fix **CVE-2026-2313**, a **SQL injection** flaw in the WordPress accessibility plugin that could expose **sensitive data**. The update lan...
Timeline
-
06.07.2026 19:28 2 articles · 3d ago
Gitea Docker images security update (CVE-2026-20896)
Initial DisclosureGitea's **1.26.3** release replaced the default wildcard trust setting in its Docker image template and shifted reverse-proxy authentication to opt-in. That change addressed **CVE-2026-20896** for **Gitea Docker images** before and including **1.26.2**.
Show sources
- Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure — thehackernews.com — 06.07.2026 19:28
- Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure — thehackernews.com — 06.07.2026 19:28