1 story taggedCVE-2026-20896.
A missing check in Gitea's Docker images let attackers claim any username by adding a single header. Sysdig says probing began within days of the patch.