ByteBrief
We're a portrait publication through and through. Turn your phone back and your briefing picks up right where you left it.
(We tried widescreen once. It wasn't us.)
Threat actors are exploiting CVE-2026-20896, a critical Gitea Docker flaw with a CVSS score of 9.8. The vulnerability trusts the X-WEBAUTH-USER header from any IP due to a hard-coded wildcard in the default app.ini template. Sysdig detected the first exploitation attempt 13 days after disclosure, affecting versions before 1.26.3.
Tracked by ByteBrief