A vulnerability in open source, self-hosted Git service Gitea could have allowed unauthenticated attackers to pull private container images from over 30,000 deployments, AI pentesting firm NoScope warns.
Tracked as CVE-2026-27771, the security flaw is described as an access control issue impacting Gitea’s built-in container registry. Forgejo, which shares the implementation, is also affected. Other Gitea-derived forks may be impacted as well.
Because of the flaw, the registry did not enforce authentication on images marked as private: it served them in response to standard, anonymous Docker/OCI pull requests to the registry API, exactly as it would a public image.
The security defect lurked in Gitea’s code for approximately four years before being patched in version 1.26.2, which was released last week.
“Gitea’s container registry has allowed any person on the internet, with no account, no password, and no prior access, to pull what would be considered private container images at first glance from affected instances as if they were public,” NoScope says.
Because container images may contain sensitive information such as source code, secrets, and production infrastructure details, the impact from the bug is considerable, the security firm warns.
According to NoScope, a Shodan search uncovered over 34,000 internet-facing Gitea instances. Of these, approximately 93%, or 31,750, were likely vulnerable.
Analysis of the potentially affected deployments revealed that roughly 4,000 were production systems running on major cloud or VPS platforms. Approximately 7,000 instances, NoScope says, were running on Gitea’s default port.
“The data is unambiguous. These aren’t hobby machines. These are organisations that made a deliberate decision to self-host their development infrastructure, running it on production-grade compute, for real workloads,” the AI pentesting firm notes.
Organizations are advised to update to Gitea version 1.26.2 immediately, or to change the configuration settings to require authentication for all content access.
“Note that this setting is not suitable for instances that intentionally expose some containers publicly; operators in that situation should weigh the trade-off carefully,” NoScope says.
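Two checks an operator can run after reading the above, as an added example that is not code from the article, from NoScope, or from the Gitea project. The first parses a Gitea app.ini and reports whether the `[service]` section forces sign-in for all content; the assumption here is that the article's "require authentication for all content access" refers to Gitea's `REQUIRE_SIGNIN_VIEW` option, and the two app.ini fragments are constructed samples. The second issues a single anonymous manifest request against a registry you operate and classifies the outcome: a private image that comes back as 200 is exposed, a 401 challenge means authentication is enforced. The manifest path follows the OCI distribution API as Gitea serves it; `git.example.internal`, `owner` and `image` are placeholders.

```python
"""Defender-side checks for the Gitea container registry access control issue.

1. requires_signin_view(): does an app.ini force sign-in for all content?
2. classify_anonymous_pull()/probe_own_registry(): what does an anonymous
   OCI manifest request for a known-private image on YOUR registry return?
"""
import configparser
import io
import urllib.error
import urllib.request
from typing import Optional

# Constructed sample app.ini fragments (not taken from any real deployment).
WEAK_APP_INI = """
[service]
REQUIRE_SIGNIN_VIEW = false
DISABLE_REGISTRATION = true
"""

HARDENED_APP_INI = """
[service]
REQUIRE_SIGNIN_VIEW = true
DISABLE_REGISTRATION = true
"""


def requires_signin_view(app_ini_text: str) -> bool:
    """Return True only if [service] REQUIRE_SIGNIN_VIEW is explicitly 'true'.

    Gitea also accepts other values for this key; only 'true' forces sign-in
    for every page and API call, so anything else is reported as not enforced.
    """
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep Gitea's upper-case keys as written
    parser.read_file(io.StringIO(app_ini_text))
    if not parser.has_section("service"):
        return False
    value = parser.get("service", "REQUIRE_SIGNIN_VIEW", fallback="false")
    return value.strip().lower() == "true"


def manifest_url(base_url: str, owner: str, image: str, reference: str = "latest") -> str:
    """Build the OCI distribution manifest URL for owner/image:reference.

    OCI repository names are lower-case, so owner and image are normalised.
    """
    base = base_url.rstrip("/")
    return f"{base}/v2/{owner.lower()}/{image.lower()}/manifests/{reference}"


def classify_anonymous_pull(status: int, www_authenticate: Optional[str]) -> str:
    """Interpret the response to an unauthenticated manifest GET for a private image.

    'exposed'    - 200: the registry served a private manifest anonymously (the bug)
    'protected'  - 401/403: access was refused; 401 should carry a WWW-Authenticate
                   challenge per the OCI distribution spec
    'not_found'  - 404: the image is absent, or the registry hides it from
                   anonymous callers entirely
    'unexpected' - anything else; inspect manually
    """
    if status == 200:
        return "exposed"
    if status == 401 or status == 403:
        return "protected"
    if status == 404:
        return "not_found"
    return "unexpected"


def probe_own_registry(base_url: str, owner: str, image: str,
                       reference: str = "latest", timeout: float = 10.0) -> str:
    """Send one anonymous manifest GET to a registry you operate and classify it."""
    req = urllib.request.Request(
        manifest_url(base_url, owner, image, reference),
        headers={
            "Accept": "application/vnd.oci.image.manifest.v1+json, "
                      "application/vnd.docker.distribution.manifest.v2+json",
        },
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify_anonymous_pull(resp.status, resp.headers.get("WWW-Authenticate"))
    except urllib.error.HTTPError as err:
        # 401/403/404 arrive as HTTPError; the headers are still available.
        return classify_anonymous_pull(err.code, err.headers.get("WWW-Authenticate"))


if __name__ == "__main__":
    import sys

    for label, text in (("weak", WEAK_APP_INI), ("hardened", HARDENED_APP_INI)):
        print(f"{label} app.ini: sign-in forced for all content = {requires_signin_view(text)}")
    # Usage against your own instance (placeholder values):
    #   python registry_check.py https://git.example.internal owner image
    if len(sys.argv) == 4:
        print(probe_own_registry(sys.argv[1], sys.argv[2], sys.argv[3]))
```

Run the config check against the real app.ini of each instance in the Shodan-style inventory the article describes, and run the probe only for an image you know is marked private on an instance you own: after updating to 1.26.2 the result should be `protected` (or `not_found`), never `exposed`.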
