Threat actors are exploiting a vulnerability in Gitea’s reverse-proxy authentication mechanism to access internet-accessible instances by supplying only a valid username.
A practitioner's breakdown of the CSRF attack: how the forged request works, two documented exploits, a manual test, and the ...
CVE-2026-20896 lets reachable Gitea Docker containers trust spoofed X-WEBAUTH-USER headers when reverse proxy auth is enabled ...
Explore the latest news and expert commentary on Application Security, brought to you by the editors of Dark Reading ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results