CVE-2026-27771
HIGH NUCLEIGitea Composer package source links use insufficient permission checks
Title source: cnaExploitation Summary
EIP tracks 2 public exploits for CVE-2026-27771. PoCs published by portbuster1337, HORKimhab. A Nuclei detection template is also available.
AI-analyzed exploit summary This repository contains a functional exploit for CVE-2026-27771, an authentication bypass vulnerability in Gitea's container registry (versions < 1.26.2). The exploit allows unauthenticated attackers to pull private container images by leveraging a flaw in the ReqContainerAccess middleware that fails to check package owner visibility for ghost users (UserID: -1).
Description
Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information.
Exploits (2)
This repository contains a functional exploit for CVE-2026-27771, an authentication bypass vulnerability in Gitea's container registry (versions < 1.26.2). The exploit allows unauthenticated attackers to pull private container images by leveraging a flaw in the ReqContainerAccess middleware that fails to check package owner visibility for ghost users (UserID: -1).
This repository contains no functional exploit code, technical details, or vulnerability analysis for CVE-2026-27771. It only includes placeholder files (README, LICENSE, .gitignore, and a template file) with generic educational disclaimers and usage instructions.
Nuclei Templates (1)
http.html:"Gitea"
app="Gitea"
References (4)
Scores
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N