- Description
- Gitea Docker image versions up to and including 1.26.2 use REVERSE_PROXY_TRUSTED_PROXIES=* by default, allowing any source IP to impersonate a user when reverse-proxy authentication headers such as X-WEBAUTH-USER are enabled.
- Source
- 88ee5874-cf24-4952-aea0-31affedb7ff2
- NVD status
- Deferred
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- 88ee5874-cf24-4952-aea0-31affedb7ff2
- CWE-284
- Hype score
- Not currently trending
It's Already When. — Field Note Active exploitation of max-severity ColdFusion (CVE-2026-48282), Langflow, and Gitea (CVE-2026-20896) flaws, plus GhostLock (CVE-2026-43499)... https://t.co/89LSZTiW9G #CyberSecurity #BlueTeam
@itsalreadywhen
8 Jul 2026
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
匿名の研究者がゼロデイ数件をGitHubリポジトリで公開(CVE-2026-55200、CVE-2026-20896) | Codebook|Security News https://t.co/NGnxaYYb9X
@fd0
5 Jul 2026
536 Impressions
0 Retweets
3 Likes
2 Bookmarks
0 Replies
0 Quotes
匿名の研究者がゼロデイ数件をGitHubリポジトリで公開(CVE-2026-55200、CVE-2026-20896) https://t.co/OZreuEoWQc
@crossbreed_dog
4 Jul 2026
38 Impressions
0 Retweets
1 Like
1 Bookmark
1 Reply
0 Quotes
匿名の研究者がゼロデイ数件をGitHubリポジトリで公開(CVE-2026-55200、CVE-2026-20896) https://t.co/Bqw7agdx3U
@ragemax
1 Jul 2026
423 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
匿名の研究者がゼロデイ数件をGitHubリポジトリで公開(CVE-2026-55200、CVE-2026-20896) | Codebook|Security News https://t.co/1ICgrseNLp
@ohhara_shiojiri
30 Jun 2026
80 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
⚠️匿名の研究者がゼロデイ数件をGitHubリポジトリで公開(CVE-2026-55200、CVE-2026-20896) 〜サイバーアラート6月30日〜 https://t.co/QjIVS2Mp07
@MachinaRecord
30 Jun 2026
204 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes