Self-Hosted

vulnerability 2026-05-27
Gitea CVE-2026-27771: Container Registry Hands Out Private Images Without Authentication, 30,000 Instances Exposed
A four-year-old flaw in Gitea's OCI container registry lets anyone on the internet pull images marked private. 30,000+ deployments are exposed, Forgejo inherits the bug, and the only real fix is upgrading to 1.26.2 or forcing sign-in for all content.
gitea forgejo cve-2026-27771 container-registry oci self-hosted git-server supply-chain
vulnerability 2026-04-27
CrowdStrike LogScale CVE-2026-40050: Unauthenticated Path Traversal Reads Arbitrary Files (CVSS 9.8)
A critical unauthenticated path-traversal flaw (CVSS 9.8) in CrowdStrike LogScale Self-Hosted lets remote attackers read arbitrary server files via an exposed cluster API endpoint. SaaS already mitigated; on-prem operators must patch immediately.
crowdstrike logscale cve-2026-40050 path-traversal siem observability self-hosted
2026-04-12
Self-Hosted and Unprotected: The AI Workflow Tool Security Crisis
Langflow, Flowise, n8n, ComfyUI — every major self-hosted AI workflow tool has shipped unauthenticated RCE vulnerabilities in 2026. This isn't a coincidence. It's a structural failure baked into how these tools were designed.
ai-infrastructure vulnerability rce langflow flowise n8n comfyui mcp self-hosted credential-theft

Gitea CVE-2026-27771: Container Registry Hands Out Private Images Without Authentication, 30,000 Instances Exposed