Critical Vulnerability in Gitea Docker
8 July 2026
Attackers are exploiting a critical vulnerability in Gitea Docker images to gain unauthorised access to Gitea instances. Patch immediately.
Background
Gitea is a self-hosted Git software development platform. Security updates have been released to address a critical vulnerability (CVE-2026-20896) affecting Gitea Docker images. This vulnerability has a Common Vulnerability Scoring System (CVSS v3.1) score of 9.8 out of 10.
Impact
On Gitea instances where reverse proxy authentication is enabled, an insecure default setting (REVERSE_PROXY_TRUSTED_PROXIES=*) trusts requests from any source IP address. This allows an attacker to impersonate any user, including administrators, whose login name is known or guessable, resulting in unauthorised access to the affected system.
Known Exploitation
This vulnerability is reportedly under active exploitation.
Affected Products
This vulnerability affects the following products:
Gitea Docker image v1.26.2 and earlier
Recommendations
Users and administrators of affected products are advised to update to the latest versions immediately. As a workaround, restrict the REVERSE_PROXY_TRUSTED_PROXIES setting to specific trusted IP addresses instead of the default wildcard (*).
Users and administrators are also advised to review access logs for any signs of unauthorised access or suspicious activity.
References
https://blog.gitea.com/release-of-1.26.3-and-1.26.4/
https://nvd.nist.gov/vuln/detail/CVE-2026-20896
https://github.com/go-gitea/gitea/security/advisories/GHSA-f75j-4cw6-rmx4
https://www.securityweek.com/critical-gitea-flaw-under-active-exploitation-researchers-warn/
