Misconfiguration
Gitea CVE-2026-20896: Docker Images Trusted a Spoofable Header for Admin Access, Now Under Active Probing
Gitea's official Docker images shipped with reverse-proxy header trust wide open by default, letting anyone who can reach the port impersonate any user including an admin — Sysdig has now caught the first in-the-wild probing, 13 days after disclosure.