Gitea Vulnerability Exposes Private Container Images without Authentication

Researchers disclosed CVE-2026-27771 in Gitea that permitted unauthenticated users to pull private container images from affected instances; the flaw affects versions prior to 1.26.2, likely impacts over 30,000 deployments across many countries and sectors, and Forgejo forks may also be impacted. Users are advised to upgrade to the fixed release or apply a temporary configuration workaround (service.REQUIRE_SIGNIN_VIEW=true) while noting the report contains an inconsistent version reference that should be validated.