{"uuid": "62813ac8-aa84-459e-b470-7221608a9c68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-20896", "type": "seen", "source": "https://bsky.app/profile/thecybersecguru.com/post/3mp65jcs6sh27", "content": "Three Vulnerabilities, One Platform: Why Your Self-Hosted Gitea/Gogs Instance Is Probably Already\u00a0Owned\n\nThree critical Gitea and Gogs CVEs disclosed in 2026: a CVSS 9.8 auth bypass via X-WEBAUTH-USER header,\u2026\n\nhttps://thecybersecguru.com/news/cve-2026-20896-gitea-authentication-bypass-dom-xss-ssrf/", "creation_timestamp": "2026-06-26T04:52:06.315766Z"}