What is CVE-2026-20896?
Gitea Docker image versions up to and including 1.26.2 use REVERSE_PROXY_TRUSTED_PROXIES=* by default, allowing any source IP to impersonate a user when reverse-proxy authentication headers such as X-WEBAUTH-USER are enabled.
Timeline
- 2026-07-03Published to the U.S. National Vulnerability Database (NVD)
- 2026-07-06NVD record last updated
- 2026-07-07First covered in a defend.network daily briefing
Affected product
See advisory
Remediation Steps
- Update Gitea Docker images to patched version immediately
- Review access logs for exploitation attempts using X-WEBAUTH-USER headers from untrusted sources
- Disable or restrict X-WEBAUTH-USER header processing if custom authentication is not in use
- Implement network segmentation to limit unauthenticated access to Gitea containers
References
Referenced in our briefings & reports
Browse all tracked CVEs in the defend.network CVE database →
🤖 This CVE page is generated by defend.network from NVD, CISA KEV, EPSS, and our verified daily briefings. Severity and exploitation data come from official sources; always verify remediation steps against the official vendor advisory before acting in production.