Back to Blog
Cybersecurity May 29, 2026 5 min read

CVE-2026-27771: Gitea Flaw Exposed Private Container Images Across 31,750 Deployments for 4 Years

A critical access control bug in Gitea's container registry allowed any unauthenticated user to pull private Docker and OCI images via standard protocol calls, bypassing UI-layer restrictions. The flaw existed undetected for approximately four years — patch to Gitea 1.26.2 now.

CVE-2026-27771: Gitea Flaw Exposed Private Container Images Across 31,750 Deployments for 4 Years

CVE-2026-27771 (CVSS 8.2) in Gitea’s container registry allowed any unauthenticated user to pull private Docker and OCI images without credentials. The access control was enforced at the UI layer — the web interface correctly blocked access — but the underlying OCI Distribution Specification API endpoints were fully open. Any standard docker pull or oras pull command against the registry URL returned the image regardless of visibility settings.

The flaw affected approximately 31,750 internet-facing Gitea instances. It also affects Forgejo, which forks Gitea’s container registry code. Security researchers at AI pentesting firm NoScope discovered the vulnerability during an engagement and reported it to the Gitea security team. The fix shipped in Gitea 1.26.2, released the week of May 28, 2026.

Affected versions: Gitea 1.21.0 through 1.26.1. Forgejo users should check the Forgejo security advisory for their patched version.

Upgrade now: gitea update or pull the 1.26.2 container image from gitea/gitea:1.26.2.

Why this went undetected for four years

The root cause is a common pattern in systems with layered access controls: the UI and the underlying protocol are treated as equivalent enforcement surfaces, when they are not. Gitea’s UI code checked visibility flags before rendering the “pull” button. The OCI registry API handler — the code path that docker pull actually hits — had no such check.

A developer testing their private registry would log into the web UI, see their images listed as private, and conclude access was restricted. They would never test the equivalent docker pull command from an unauthenticated context, because the UI told them it was working.

This is not unique to Gitea. Many systems enforce authorization at the presentation layer and leave protocol-level endpoints unguarded. The attack surface only becomes visible when you test the transport, not the interface.

The blast radius

Healthcare providers, aerospace manufacturers, and internet service providers were among the confirmed affected organizations, according to NoScope’s disclosure. Private container images typically contain compiled application code, configuration files, environment variable templates, and in some cases embedded credentials or API keys used during build time. Four years of exposure is enough time for those images to have accumulated substantial sensitive data.

The exposure was also silent. Gitea does not log unauthenticated pulls to the container registry in default configuration — affected organizations have no way to audit whether their images were accessed.

Immediate actions

  1. Patch to Gitea 1.26.2 immediately — no configuration change closes this without the code fix.
  2. Rotate any secrets that may have been embedded in private container images or build contexts stored in the registry.
  3. Review image history: docker history <image> reveals layers. Any layer with credentials, tokens, or private keys should be treated as compromised.
  4. Enable audit logging on the registry endpoint after upgrading, so unauthenticated access attempts are visible going forward.

Sources

CVE-2026-27771 Gitea container security Docker vulnerability supply chain