CVE-2026-20896 lets reachable Gitea Docker containers trust spoofed X-WEBAUTH-USER headers when reverse proxy auth is enabled ...
A critical flaw in Gitea's official Docker image let anyone impersonate an admin with one forged header. Sysdig spotted the ...