
Security Flaw in Gitea Allows Unauthenticated Access to Private Container Images
Cybersecurity researchers have disclosed a security flaw in Gitea, an open-source self-hosted version control platform, that allows unauthenticated remote attackers to access private container images. The vulnerability, assigned CVE-2026-27771 with a CVSS score of 8.2, impacts all Gitea versions prior to 1.26.2. Exploitation requires no authentication, passwords, or user accounts. The flaw specifically enables unauthorized retrieval of private container images from affected Gitea deployments. The disclosure provided no additional technical details or attack vectors.