A critical access control vulnerability (CVE-2026-27771) in Gitea’s built-in container registry has been publicly disclosed, allowing any unauthenticated remote attacker to pull private container images without an account, password, or prior access. The flaw affects all Gitea versions before 1.26.2 and went undetected for nearly four years, impacting more than 30,000 deployments across 30+ countries. […]
The post Gitea Container Flaw Exposes Private Images to Attackers appeared first on Cyber Security News.