Gitea container registry unauthenticated private-image pull (~30,000+ deployments, 4-year exposure window); Forgejo confirmed affected
cve · CVE-2026-27771
Coverage timeline
1
first 2026-05-28 → last 2026-05-28
Briefs
1
1 distinct
Sources cited
5
5 hosts
Sections touched
1
verification_notes
Co-occurring entities
0
no co-occurrence
Story timeline
- 2026-05-28CTI Daily Brief — 2026-05-28
Where this entity is cited
- verification_notes1
Source distribution
- helpnetsecurity.com1 (20%)
- msrc.microsoft.com1 (20%)
- noscope.com1 (20%)
- security-hub.ncsc.admin.ch1 (20%)
- thehackernews.com1 (20%)
External references
All cited sources (5)
- noscope.comprimaryinlineNoScopehttps://www.noscope.com/blog/gitea-instances-exposing-private-container
- helpnetsecurity.cominlineHelp Net Security, 2026-05-26https://www.helpnetsecurity.com/2026/05/26/sharepoint-vulnerability-cve-2026-45659/
- msrc.microsoft.cominlineMicrosoft MSRChttps://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45659
- security-hub.ncsc.admin.chinlineNCSC-CH post 12594https://security-hub.ncsc.admin.ch/#/posts/12594
- thehackernews.cominlineThe Hacker News, 2026-05-27https://thehackernews.com/2026/05/gitea-vulnerability-exposes-private.html
Items in briefs about Gitea container registry unauthenticated private-image pull (~30,000+ deployments, 4-year exposure window); Forgejo confirmed affected
No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.