CVE-2026-20896 lets reachable Gitea Docker containers trust spoofed X-WEBAUTH-USER headers when reverse proxy auth is enabled ...
Threat actors are exploiting a vulnerability in Gitea’s reverse-proxy authentication mechanism to access internet-accessible instances by supplying only a valid username.
Corin Cesaric-Epple is an Editor at CNET covering home and kitchen tech and meal kits, and reporting regularly on artificial intelligence. She earned her bachelor's degree in journalism from the ...