PT-2026-52216 · Undefined · Undefined

Published

2026-06-25

Updated

2026-06-26

CVE-2026-20896

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

⚠️⚠️ CVE-2026-20896 (CVSS 9.8): Gitea Docker images default REVERSE PROXY TRUSTED PROXIES=* — with reverse-proxy auth on, any IP can impersonate any user via X-WEBAUTH-USER. 🔗FOFA Link: https://t.co/w2rhVF9HFa 🎯244.5K+ Results are found on https://t.co/HSOBZfCA2r in the past year. FOFA Query: app="Gitea" 🔖Refer: https://t.co/64ZP4hKcuj #OSINT #FOFA #CyberSecurity #Vulnerability

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2026-20896

Affected Products

Undefined

PT-2026-52216 · Undefined · Undefined

CVE-2026-20896

Related Identifiers

Affected Products

References · 3