CVEReports
CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

Product

  • Home
  • Sitemap
  • RSS Feed

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad



CVE-2026-27771

CVE-2026-27771: Authentication Bypass and Information Disclosure in Gitea Container and Composer Registries

Alon Barad
Alon Barad
Software Engineer

Jul 18, 2026·7 min read·3 visits

Executive Summary (TL;DR)

Missing authorization checks in Gitea up to v1.26.1 allow unauthenticated attackers to pull private container images and expose internal Composer repository URLs. Immediate upgrade to v1.26.2 or setting REQUIRE_SIGNIN_VIEW=true is required.

CVE-2026-27771 represents a critical security flaw in Gitea and Forgejo (up to and including version 1.26.1) involving missing authorization checks (CWE-862). Unauthenticated remote attackers can query, enumerate, and download private container images from the OCI-compliant container registry. Additionally, unauthorized users can retrieve private or internal source repository URLs via the Composer package registry metadata API. A public proof-of-concept exists, and threat metrics indicate highly active scanning and exploitation risks.

Vulnerability Overview

CVE-2026-27771 is a critical security vulnerability within Gitea and its fork Forgejo that stems from missing authorization checks (CWE-862). The flaws reside in the platform's package management endpoints, specifically affecting the OCI-compliant container registry and the Composer package registry metadata API. By exploiting these weaknesses, an unauthenticated remote attacker can query, list, and download private container images or extract sensitive package source URLs without authentication.

The main attack vector is situated within Gitea's implementation of the Docker Registry HTTP API V2. The token distribution endpoint designed to authorize OCI distribution clients fails to evaluate the relationship between anonymous clients and private package resources. When the instance is configured to allow public access but hosts private container images, the container registry middleware exposes administrative-level image query capabilities to completely unauthenticated requests.

This exposure leads to a critical breach of confidentiality, as container layers frequently contain proprietary source code, hardcoded credentials, TLS certificates, and other environment configuration variables. Furthermore, the accompanying information disclosure flaw in the Composer API exposes internal dependency hierarchies and repository paths, enabling targeted supply chain attacks. This technical analysis explores the underlying programmatic flaws, the mechanics of exploitation, and defensive mitigations.

Root Cause Analysis

The root cause of the container registry authentication bypass lies in the ReqContainerAccess middleware handler located in the routers/api/packages/container/container.go source file. To support the Docker/OCI Distribution Specification, Gitea distributes JSON Web Tokens (JWTs) via the /v2/token endpoint to authenticate clients. When the global configuration parameter REQUIRE_SIGNIN_VIEW is set to false, unauthenticated users are assigned the identity of a ghost user with a unique user identification number of -1.

The middleware handler is designed to block unauthorized requests by evaluating the client's session state. However, the handler only restricts ghost users when the configuration variable RequireSignInViewStrict is explicitly enabled. If this strict sign-in view flag is disabled, the middleware validates the anonymous token and permits execution to flow directly into the registry routing endpoints.

Importantly, the middleware completely lacks logical validation checks to verify whether the ghost user possesses read permissions for the target repository owner's package space. The application does not check whether the repository has a public, limited, or private visibility status. Consequently, an anonymous request is treated as authorized, allowing arbitrary access to container catalogs and layer blob payloads.

A secondary, distinct root cause affects the Composer metadata API endpoint /api/packages/<username>/composer. The createPackageMetadataResponse function constructs metadata payloads for Composer dependencies by extracting repository information. The application unconditionally exposes the inner repository URL via the HTMLURL() function without performing any authorization checks against the calling user's permissions, leading to a direct leak of private repository pathways.

Code Analysis

The vulnerable handler structure in Gitea's codebase did not validate ownership access bounds when evaluating anonymous requests. The conditional evaluation inside the ReqContainerAccess function only restricted access if strict sign-in was explicitly active.

// Vulnerable handler structure in routers/api/packages/container/container.go
func ReqContainerAccess(ctx *context.Context) {
    if ctx.Doer == nil || (setting.Service.RequireSignInViewStrict && ctx.Doer.IsGhost()) {
        apiUnauthorizedError(ctx)
    }
}

The vulnerability lies in the conditional check shown above. When ctx.Doer is a ghost user, the logical AND operator requires setting.Service.RequireSignInViewStrict to be true in order to execute the unauthorized error handler. When the strict configuration is false, Gitea skips the error handler entirely, allowing anonymous operations on any path.

The remediation patch (introduced in PR #37290) corrects this behavior by rewriting the APIUnauthorizedError function. The patch forces Gitea to lookup the target owner's visibility properties and globally require sign-in checks before configuring authorization headers:

@@ -125,8 +126,15 @@ func APIUnauthorizedError(ctx *context.Context) {
 	// container registry requires that the "/v2" must be in the root, so the sub-path in AppURL should be removed
 	realmURL := httplib.GuessCurrentHostURL(ctx) + "/v2/token"
 	ctx.Resp.Header().Add("WWW-Authenticate", `Bearer realm="`+realmURL+`",service="container_registry",scope="*"`)
-	// support apple container like: container registry login <gitea-host> -u
-	ctx.Resp.Header().Add("WWW-Authenticate", `Basic realm="Gitea Container Registry"`)
+
+	ownerName := ctx.PathParam("username")
+	owner, _ := user_model.GetUserByName(ctx, ownerName)
+	requireSignIn := owner != nil && owner.Visibility != structs.VisibleTypePublic
+	requireSignIn = requireSignIn || setting.Service.RequireSignInViewStrict
+	if requireSignIn {
+		// support apple container like: container registry login <gitea-host> -u
+		ctx.Resp.Header().Add("WWW-Authenticate", `Basic realm="Gitea Container Registry"`)
+	}
 	apiErrorDefined(ctx, errUnauthorized)
 }

The patched code retrieves the target package owner's profile based on the URL parameter. It evaluates whether the owner's visibility is non-public or if strict sign-in is globally enforced. If either condition is met, Gitea correctly demands authentication, preventing the unauthenticated ghost user session from proceeding.

Exploitation Methodology

Exploiting this vulnerability requires zero configuration privileges and no active user interaction. The attack begins with pre-flight capability enumeration to confirm the existence of the container registry endpoint. An attacker sends a standard GET request to /v2/ and observes the authentication challenge headers returned by the server.

Following verification, the attacker requests an OCI bearer token from /v2/token, passing a wildcard scope parameter. The server grants a JWT scoped to the ghost user session. Because the middleware fails to check package owner visibility relative to the ghost user, the attacker can use this token to query the global index catalog endpoint at /v2/_catalog.

Once the catalog is returned, the attacker enumerates all public and private image repositories hosted on the registry. The attacker then requests the manifests for a target private repository using the bearer token. This response returns a list of layer blob digests, which the attacker downloads individually using the blob download API. Extracting these layers locally reconstructs the target container filesystem, exposing internal files.

Impact Assessment

The impact of CVE-2026-27771 is severe, resulting in the complete loss of confidentiality for all private container images hosted on the affected Gitea instance. In typical devops workflows, container images contain compiled application binaries, proprietary source code scripts, and system configuration files. Attackers can analyze these files to identify secondary application vulnerabilities or extract hardcoded secrets.

Beyond intellectual property theft, container layers frequently contain embedded database credentials, API keys, TLS private keys, and cloud infrastructure environment variables. Access to these credentials can facilitate immediate lateral movement within the target network or cloud environment. This elevates the risk from simple information disclosure to full infrastructure compromise.

The CVSS v3.0 score is rated at 8.2 with a high confidentiality impact rating. Furthermore, the EPSS score places this vulnerability in the 98th percentile for exploitation probability, driven by the release of public proof-of-concept exploits. The low complexity of the attack coupled with the lack of authentication requirements makes this a highly attractive target for automated scanning and mass exploitation.

Detection and Remediation

Immediate remediation requires upgrading the Gitea instance to version v1.26.2 or higher, which introduces proper authorization validations on both the container registry and Composer endpoints. For Gitea deployments managed via Docker, administrators should update the container image tag to 1.26.2 or the latest stable patch release. Systems should be restarted to ensure all active middleware handlers are updated.

If an immediate upgrade is not feasible, administrators can apply a temporary configuration workaround to mitigate the container registry bypass. By editing the global Gitea configuration file app.ini and enabling the strict sign-in view setting, the anonymous access path is blocked. This configuration is located in the [service] block as shown below:

[service]
REQUIRE_SIGNIN_VIEW = true

Note that applying this mitigation blocks all anonymous browsing of Gitea, forcing all users to authenticate before accessing any resources. Security teams should also monitor system logs for unauthorized requests targeting the /v2/_catalog or /api/packages/ endpoints, as these are clear indicators of potential reconnaissance or exploitation attempts.

Official Patches

GiteaFix container registry authorization bypass
GiteaFix Composer package source link disclosure

Technical Appendix

CVSS Score
8.2/ 10
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
EPSS Probability
40.74%
Top 2% most exploited

Affected Systems

Gitea Open Source Git ServerForgejo Git Server

Affected Versions Detail

Product
Affected Versions
Fixed Version
Gitea
Gitea
>= 1.17.0, <= 1.26.11.26.2
Forgejo
Forgejo
<= 1.26.11.26.2
AttributeDetail
CWE IDCWE-862
Attack VectorNetwork
CVSS Score8.2
EPSS Score0.40738 (98.50th Percentile)
ImpactInformation Disclosure / Code Leakage
Exploit StatusProof-of-Concept Available
KEV StatusNot Listed

MITRE ATT&CK Mapping

T1068Exploitation for Privilege Escalation
Privilege Escalation
T1552Unsecured Credentials
Credential Access
T1567Exfiltration Over Web Service
Exfiltration
CWE-862
Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Known Exploits & Detection

GitHubProof-of-Concept Python exploitation repository for CVE-2026-27771

References & Sources

  • [1]NVD CVE-2026-27771
  • [2]CVE Record CVE-2026-27771
  • [3]GitHub Security Advisory GHSA-8qw8-rq86-9pc2
  • [4]Gitea Pull Request 37290
  • [5]Gitea Pull Request 37610
  • [6]Gitea Blog: Release of 1.26.2
  • [7]Gitea Release v1.26.2
  • [8]Orca Security: Gitea Container Registry Vulnerability Analysis
  • [9]GitHub: portbuster1337/CVE-2026-27771

Attack Flow Diagram

Press enter or space to select a node. You can then use the arrow keys to move the node around. Press delete to remove it and escape to cancel.
Press enter or space to select an edge. You can then press delete to remove it or escape to cancel.

More Reports

•11 minutes ago•CVE-2026-11400
8.0

CVE-2026-11400: Privilege Escalation via Untrusted Search Path in AWS Advanced JDBC Wrapper

An untrusted search path vulnerability in the GlobalDatabasePlugin component of the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL allows authenticated, low-privilege database users to hijack administrative session queries. By defining a custom function in a writable schema such as the public schema, an attacker can hijack queries executed automatically during driver-level topology detection. When a highly privileged database user connects to the database utilizing an affected version of the wrapper, the custom function executes under their security context, enabling remote privilege escalation to rds_superuser.

Alon Barad
Alon Barad
0 views•6 min read
•about 2 hours ago•GHSA-CVPC-HCCG-WMW4
8.8

GHSA-CVPC-HCCG-WMW4: Missing Authorization in Formie Administrative Settings Allows Privilege Escalation

A missing authorization vulnerability in the Formie plugin for Craft CMS prior to version 3.1.28 allows low-privileged Control Panel users to read and modify sensitive administrative settings, configuration options, and third-party integrations.

Amit Schendel
Amit Schendel
2 views•6 min read
•about 3 hours ago•CVE-2026-53598
7.5

CVE-2026-53598: Arbitrary File Read via File Reference Expansion in Microsoft Prompty

CVE-2026-53598 is a directory traversal and arbitrary file read vulnerability in Microsoft Prompty ecosystem loaders across multiple languages. Prior to version 2.0.0-beta.2, the loaders resolved `${file:...}` reference strings inside frontmatter configuration blocks without enforcing that the target file paths resided within authorized directories. This deficiency allows an attacker-controlled configuration file to read sensitive operating system and application files through absolute paths, directory traversal, or symbolic link escapes. The issue is addressed across the Python, C#, Node.js/TypeScript, and Rust ecosystems.

Amit Schendel
Amit Schendel
4 views•6 min read
•about 4 hours ago•GHSA-MFR4-MQ8W-VMG6
7.3

GHSA-MFR4-MQ8W-VMG6: Path Traversal in proot-distro copy Command Allows Container Escape

A directory traversal vulnerability exists in the copy subcommand of the proot-distro utility. Due to incomplete path sanitization, local attackers or malicious scripts can read from or write to arbitrary files outside the container rootfs, bypassing isolation barriers and potentially gaining unauthorized access or persistent execution on the host system.

Alon Barad
Alon Barad
5 views•7 min read
•about 8 hours ago•GHSA-8QQM-FP2Q-V734
8.2

GHSA-8QQM-FP2Q-V734: Authorization Bypass in Skipper's Open Policy Agent Integration

An authorization bypass vulnerability in the Open Policy Agent (OPA) integration of the Skipper HTTP router allows unauthenticated remote attackers to bypass OPA policy inspection. When an incoming HTTP request declares a Content-Length exceeding Skipper's configured maxBodyBytes limit, Skipper bypasses body parsing and forwards an empty document to OPA, while transmitting the full, uninspected payload intact to the upstream backend.

Amit Schendel
Amit Schendel
6 views•6 min read
•about 10 hours ago•CVE-2026-53597
8.7

CVE-2026-53597: Remote Code Execution in Microsoft prompty via Insecure gray-matter Parsing

CVE-2026-53597 is a high-severity code injection vulnerability in Microsoft's prompty library, specifically affecting the TypeScript loader (@prompty/core). Due to an insecure default configuration in the underlying gray-matter metadata parser, processing untrusted prompt files containing executable JavaScript blocks inside the frontmatter results in arbitrary remote code execution within the security context of the parent Node.js process.

Amit Schendel
Amit Schendel
8 views•6 min read