A critical vulnerability in Gitea's official Docker images, tracked as CVE-2026-20896, is being actively exploited by attackers to bypass authentication and expose repositories and sensitive data. This flaw, which has a CVSS score of 9.8, can be exploited by simply adding a single HTTP header, granting access to any internet-facing Gitea instance without requiring a password or token. The vulnerability affects Gitea versions prior to 1.26.3 and has been exploited just 13 days after its disclosure1. The rapid exploitation of this flaw highlights the importance of prompt patching and highlights the expanded attack surface. As a result, practitioners should prioritize mitigation based on their exposure and evidence of exploitation. The active exploitation of CVE-2026-20896 poses a significant risk to organizations using vulnerable Gitea versions, making immediate action necessary to prevent unauthorized access to sensitive data.