CVEGiteacontainersaccess control
CVE-2026-27771: Your 'Private' Container Images Were Never Private. For Four Years.
Gitea's container registry had a critical access control flaw that let anyone pull 'private' images without authentication. It went undetected for nearly four years. 30,000 deployments affected.
May 27, 2026