Insufficient Permission Checks in Gitea Affecting Package Sources
CVE-2026-27771
What is CVE-2026-27771?
Gitea versions up to and including 1.26.1 are affected by a vulnerability caused by inadequate permission checks on Composer package source links. The flaw can lead to unauthorized access to sensitive internal package source information, risking the exposure of private data within the development environment. Users are strongly advised to update to Gitea version 1.26.2 or later to mitigate this risk.
Affected Version(s)
Gitea Open Source Git Server 0 <= 1.26.1
News Articles
Gitea Container Vulnerability Exposes Private Container Images to Attackers - IT Security News
A critical security vulnerability in Gitea’s built-in container registry exposes private container images to unauthenticated attackers, raising significant concerns for organizations that rely on self-hosted Git and CI/CD environments. The flaw, tracked as CVE-2026-27771, allows remote attackers to ...
Gitea Container Registry Vulnerability Could Lead to Private Image Exposure - IT Security News
A critical vulnerability, tracked as CVE-2026-27771, has been discovered in Gitea’s built-in container registry, allowing unauthenticated remote attackers to access private container images without credentials. This flaw poses a serious risk as it can expose sensitive application data, including sou...
Gitea Flaw Left 30,000 Deployments' Private Container Images Readable for 4 Years
Gitea vulnerability CVE-2026-27771 let anyone pull private container images from 30,000-plus self-hosted deployments with no credentials required. Noscope found the flaw affected healthcare,
Timeline
Vulnerability published
First article discovered by The Hacker News
Vulnerability Reserved
