Gitea Vulnerability Exposes Private Container Images without Authentication

A remote code execution vulnerability (CVE-2026-27771) in Gitea allows unauthenticated attackers to pull private container images without authentication, affecting all versions prior to 1.26.2.

1. Gitea vulnerability (CVE-2026-27771) allows unauthenticated remote code execution.
2. All Gitea versions prior to 1.26.2 are affected, with potential for exploitation.
3. Attackers can pull private container images without authentication, enabling lateral movement.
4. Detection opportunities include unusual network traffic or container image access patterns.

T1210 - Exploitation of Remote Services

CVE-2026-27771
Gitea versions prior to 1.26.2

Update to Gitea version 1.26.2 or later to remediate the vulnerability.