A major security vulnerability has been discovered in Gitea, a widely used open-source Git hosting platform. Researchers revealed that the flaw could allow anyone to access private container images without logging in. The issue has been identified as CVE-2026-27771 and affects versions earlier than 1.26.2. Security experts warned that the vulnerability could expose sensitive software resources stored on affected servers.

The vulnerability exists in Gitea’s container registry feature, which is used to store and manage container images. Normally, private container images require authentication before they can be downloaded using tools like Docker. However, researchers found that vulnerable Gitea servers failed to properly enforce access restrictions. Because of this mistake, private images could reportedly be accessed publicly without credentials.

Cybersecurity researchers from NoScope stated that the flaw may have remained unnoticed for almost four years. During their investigation, they estimated that more than 30,000 Gitea deployments across over 30 countries could be affected. Countries with the largest number of exposed systems reportedly include the United States, China, Germany, France, and the United Kingdom. Researchers described the issue as a serious risk for organizations relying on private registries.

Container images are commonly used by developers to package applications, services, and software environments. Many companies store important internal applications and development tools inside private container registries. If attackers gain access to these images, they may discover sensitive application code, configuration files, or software dependencies. This information could later help attackers target organizations more effectively.

Researchers explained that the vulnerability was caused by improper permission handling inside Gitea’s package system. Even though container images were marked as private, the server did not correctly verify whether a user was authorized to access them. As a result, unauthenticated users could pull private images directly from vulnerable servers. This created a situation where supposedly hidden resources became publicly accessible.

Several industries may be affected by this vulnerability, according to researchers involved in the investigation. These include healthcare organizations, aerospace companies, internet service providers, and retail infrastructure businesses. Since many organizations use self-hosted development platforms, the impact of the issue could be widespread. Researchers also warned that the exposure of private software packages may increase future cybersecurity risks.

The report also mentioned that some forks of Gitea could be vulnerable to the same issue. Researchers specifically stated that Forgejo, a known fork of Gitea, was confirmed to be affected during testing. Administrators were advised not to assume that forks are safe unless maintainers have independently verified and fixed the vulnerability. This warning highlights the importance of checking all related deployments carefully.

To address the problem, Gitea released version 1.26.2 with an official fix for CVE-2026-27771. Security experts strongly recommended that administrators update their servers as soon as possible to prevent unauthorized access. For organizations unable to update immediately, researchers suggested enabling the “REQUIRE_SIGNIN_VIEW=true” configuration setting as a temporary workaround. The incident highlights how small permission errors can create major security risks in modern container infrastructure.
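As an added example (not code from Gitea or from the NoScope report), the following script lets an administrator check the two things the advice above turns on: whether the running Gitea is at least 1.26.2 and, if not, whether the REQUIRE_SIGNIN_VIEW workaround is enabled. It assumes `gitea --version` output begins with "Gitea version X.Y.Z" and that REQUIRE_SIGNIN_VIEW is read from the [service] section of app.ini; the version string and app.ini fragments embedded below are constructed samples.

```python
"""
Triage helper for CVE-2026-27771 (unauthenticated pulls from Gitea's container
registry). Added example, not Gitea's own code. Assumes `gitea --version`
prints "Gitea version X.Y.Z ..." and that REQUIRE_SIGNIN_VIEW sits in the
[service] section of app.ini.
"""
import configparser
import re

FIXED_VERSION = (1, 26, 2)  # first release carrying the fix, per the advisory

# Constructed sample inputs standing in for `gitea --version` and app.ini.
SAMPLE_VERSION_OLD = "Gitea version 1.26.1 built with GNU Make 4.4, go1.24.1"
SAMPLE_APP_INI_DEFAULT = "APP_NAME = Gitea\n\n[service]\nDISABLE_REGISTRATION = true\n"
SAMPLE_APP_INI_WORKAROUND = "APP_NAME = Gitea\n\n[service]\nREQUIRE_SIGNIN_VIEW = true\n"


def parse_version(version_output):
    """Return (major, minor, patch) from `gitea --version` output; dev suffixes are ignored."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_output)
    if not m:
        raise ValueError(f"no version number in {version_output!r}")
    return tuple(int(part) for part in m.groups())


def is_patched(version_output):
    """True once the deployment runs the fixed release or anything newer."""
    return parse_version(version_output) >= FIXED_VERSION


def signin_required(app_ini_text):
    """True if [service] REQUIRE_SIGNIN_VIEW is enabled. Gitea keeps a few keys above
    the first section header, which configparser rejects, so a dummy header is prepended."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string("[__root__]\n" + app_ini_text)
    return cp.getboolean("service", "REQUIRE_SIGNIN_VIEW", fallback=False)


def assess(version_output, app_ini_text):
    """Unpatched AND no sign-in requirement means private images on this server
    can be pulled without credentials, which is the exposure the article describes."""
    patched = is_patched(version_output)
    workaround = signin_required(app_ini_text)
    return {"patched": patched, "workaround": workaround,
            "exposed": not patched and not workaround}


if __name__ == "__main__":
    for label, ini in (("default", SAMPLE_APP_INI_DEFAULT), ("workaround", SAMPLE_APP_INI_WORKAROUND)):
        print(label, assess(SAMPLE_VERSION_OLD, ini))
```

On a live server, feed it the real output of `gitea --version` and the contents of your app.ini instead of the constructed samples.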

Stay alert, and keep your security measures updated!

Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news