Skip to content
Vulnerability intelligence

CVE-2026-20896

A CVSS 9.8 authentication bypass in Gitea Docker images was under active probing within 13 days of disclosure. The flaw requires a non-default configuration — but the Docker image ships with that configuration enabled.

2026