Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure
By
[email protected] (The Hacker News)
2d agoen
Source
Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig. The vulnerability in question is CVE-2026-20896 (CVSS score: 9.8), a vulnerability that stems from the DevOps platform trusting the "X-WEBAUTH-USER" header from any source IP address, effectively allowing an unauthenticated internet client to get elevated
You might also wanna read
Critical Gitea Flaw Under Active Exploitation, Researchers Warn
BackBox.org·23h ago
Critical RCE vulnerability CVE-2026-3854 discovered in GitHub's internal git infrastructure
Wiz Research discovered a critical vulnerability (CVE-2026-3854) in GitHub's internal git infrastructure affecting both GitHub.com and GitHu
CVE-2026-8037: Critical Unauthenticated RCE in Progress Kemp LoadMaster Actively Exploited
A critical unauthenticated remote code execution vulnerability (CVE-2026-8037) in Progress Kemp LoadMaster is being actively exploited in th
undercodetesting.com·4d agoCritical Security Vulnerability CVE-2025-66478 in React Server Components Protocol
A critical security vulnerability (CVE-2025-66478) has been discovered in the React Server Components (RSC) protocol with a CVSS score of 10
Cisco Unified CM Vulnerability (CVE-2026-20230, CVSS 8.6) Actively Exploited for Root Privilege Escalation
CVE-2026-20230 is a high-severity (CVSS 8.6) vulnerability in Cisco Unified CM involving improper HTTP input validation, enabling unauthenti
Critical Windows Netlogon Flaw CVE-2026-41089 Actively Exploited for Remote Code Execution
A critical Windows Netlogon vulnerability (CVE-2026-41089) with a CVSS score of 9.8 is being actively exploited by threat actors to achieve

Comments
Sign in to join the conversation.
No comments yet. Be the first.