Threat actors are exploiting a vulnerability in Gitea’s reverse-proxy authentication mechanism to access internet-accessible instances by supplying only a valid username.
A practitioner's breakdown of the CSRF attack: how the forged request works, two documented exploits, a manual test, and the ...
CVE-2026-20896 lets reachable Gitea Docker containers trust spoofed X-WEBAUTH-USER headers when reverse proxy auth is enabled ...
Explore the latest news and expert commentary on Application Security, brought to you by the editors of Dark Reading ...