Geekzone: technology news, blogs, forums


freitasm

BDFL - Memuneh
80950 posts

Uber Geek
+1 received by user: 41720

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

#324811 29-May-2026 08:45

If you run Gitea and expose it to the Internet (why?), then you should update it now.

If you run a self-hosted Gitea instance with the container registry enabled, your “private” images were not private. CVE-2026-27771, disclosed this week, reveals that any unauthenticated person on the internet could pull container images marked as private from Gitea deployments — no account, no password, no credentials required. The flaw went undetected for close to four years and likely affects more than 30,000 deployments worldwide. Update to Gitea 1.26.2 now.

 

 

Gitea CVE-2026-27771: Private Container Images Were Never Private | byteiota

 

Gitea Container Registry Flaw | Orca Security

 

 





deadlyllama
1293 posts

Uber Geek
+1 received by user: 484

Trusted

  #3496380 29-May-2026 09:11

Well that's an utter pain, because now I have to choose between Gitea and Forgejo. If I upgrade to Gitea 1.26, I can't migrate as easily to Forgejo.

