{"vulnerability": "CVE-2026-2777", "sightings": [{"uuid": "f742f56a-9523-40b4-8ae5-a1636630637b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-2777", "type": "seen", "source": "https://bsky.app/profile/slackers.it/post/3mfv4yf4dfo2t", "content": "", "creation_timestamp": "2026-02-28T02:01:54.066425Z"}, {"uuid": "dbc27a63-08c3-43fb-a833-7410cdd7bdb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27778", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mge7o5lsyc2n", "content": "", "creation_timestamp": "2026-03-06T01:59:45.843757Z"}, {"uuid": "957d2616-14d6-4b94-b180-bbcaab1a7ac0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27772", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mft2ycmowo2s", "content": "", "creation_timestamp": "2026-02-27T06:20:42.772062Z"}, {"uuid": "2311fcf0-c92a-4445-b696-3c449cc91787", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27778", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-062-07", "content": "", "creation_timestamp": "2026-03-03T11:00:00.000000Z"}, {"uuid": "ddb156fd-9755-4969-baad-7b8791875416", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27770", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-062-07", "content": "", "creation_timestamp": "2026-03-03T11:00:00.000000Z"}, {"uuid": "86ad803f-d888-4f9f-bbd4-a4fd13e849f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27777", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-062-06", "content": "", "creation_timestamp": "2026-03-03T11:00:00.000000Z"}, {"uuid": "f0038eb6-3049-4b01-a878-cb6d460e286c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27776", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mftfmqlnli2x", "content": "", "creation_timestamp": "2026-02-27T09:31:06.324944Z"}, {"uuid": "095f75d5-373e-4647-971c-d973aab70550", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-2777", "type": "seen", "source": "https://bsky.app/profile/slackers.it/post/3mfnevqoyme27", "content": "", "creation_timestamp": "2026-02-25T00:02:18.431604Z"}, {"uuid": "b27d67b5-edf1-48bf-b9bd-042fc3e03f19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27778", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mgex6vmvf226", "content": "", "creation_timestamp": "2026-03-06T09:00:44.542459Z"}, {"uuid": "04dbfa89-4eec-4e2e-aefe-f09c9eff9a19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27773", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-06", "content": "", "creation_timestamp": "2026-02-26T11:00:00.000000Z"}, {"uuid": "062cb853-ddbb-4a5f-8a22-17b8b06e53e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27772", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mg3q4qdwqa2a", "content": "", "creation_timestamp": "2026-03-02T17:00:17.435255Z"}, {"uuid": "0c37b98f-602e-4afe-b90c-938676b2779e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27772", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-07", "content": "", "creation_timestamp": "2026-02-26T11:00:00.000000Z"}, {"uuid": "c47d2a78-b7f4-48ef-a64a-f02d0795d47f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27771", "type": "seen", "source": "https://bsky.app/profile/sec-news-bot.bsky.social/post/3mmthkxnatz2o", "content": "Gitea\u8106\u5f31\u6027\u3001\u8a8d\u8a3c\u306a\u3057\u306730,000\u30c7\u30d7\u30ed\u30a4\u306e\u30d7\u30e9\u30a4\u30d9\u30fc\u30c8\u30b3\u30f3\u30c6\u30ca\u30a4\u30e1\u30fc\u30b8\u3092\u516c\u958b\n\nGitea \u306e CVE-2026-27771 \u306b\u3088\u308a\u3001\u8a8d\u8a3c\u306a\u3057\u3067\u30d7\u30e9\u30a4\u30d9\u30fc\u30c8\u30b3\u30f3\u30c6\u30ca\u30a4\u30e1\u30fc\u30b8\u306b\u30a2\u30af\u30bb\u30b9\u53ef\u80fd\u306a\u8106\u5f31\u6027\u304c\u767a\u898b\u3055\u308c\u307e\u3057\u305f\u3002\u7d0430,000\u306e\u30c7\u30d7\u30ed\u30a4\u30e1\u30f3\u30c8\u304c\u5f71\u97ff\u3092\u53d7\u3051\u3001\u4e16\u754c\u4e2d\u3067\u4e0d\u6b63\u30a2\u30af\u30bb\u30b9\u306e\u30ea\u30b9\u30af\u304c\u751f\u3058\u3066\u3044\u307e\u3059\u3002\u81f3\u6025\u306e\u30d1\u30c3\u30c1\u9069\u7528\u304c\u5fc5\u8981\u3067\u3059\u3002\n\n#\u4e0d\u6b63\u30a2\u30af\u30bb\u30b9 #CVE #\u8106\u5f31\u6027", "creation_timestamp": "2026-05-27T12:02:14.831583Z"}, {"uuid": "69501a29-d80c-45d4-ad2e-92b04f864d7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27778", "type": "seen", "source": "Telegram/Kpinjgfg7hU-Y0woYeGb9H2V371wI5HRa91l02rkOQqEx9k", "content": "", "creation_timestamp": "2026-05-04T07:00:11.000000Z"}, {"uuid": "1cce2d35-b780-40f6-aab3-59ffe96c3044", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27778", "type": "seen", "source": "Telegram/XcvE3DqJ3gfHbHlWBgCF8vzzdw-S4AP1Zm_7A_yYzHhyXEw", "content": "", "creation_timestamp": "2026-05-04T09:00:04.000000Z"}, {"uuid": "7c0eb7ac-fb41-4357-a12c-f56f9fd4b170", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-27776", "type": "seen", "source": "https://jvn.jp/en/jp/JVN80500630/", "content": "", "creation_timestamp": "2026-03-02T05:00:00.000000Z"}, {"uuid": "7eaaff19-1ebe-499e-876d-233fcf325c48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27776", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mhqd7g7vgh2r", "content": "", "creation_timestamp": "2026-03-23T15:00:15.020990Z"}, {"uuid": "c40df4a5-0c94-4cfd-b2f8-93da3cd79b85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27771", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mmticw7cvf2a", "content": "Gitea 1.26.2\u672a\u6e80\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u3067\u3001\u8a8d\u8a3c\u306a\u3057\u306b\u30d7\u30e9\u30a4\u30d9\u30fc\u30c8\u30b3\u30f3\u30c6\u30ca\u30a4\u30e1\u30fc\u30b8\u304c\u6f0f\u6d29\u3059\u308b\u8106\u5f31\u6027\uff08CVE-2026-27771\uff09\u304c\u767a\u898b\u3055\u308c\u307e\u3057\u305f\u3002", "creation_timestamp": "2026-05-27T12:15:42.706791Z"}, {"uuid": "03387880-47ff-43b5-90eb-374b0249c946", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27771", "type": "seen", "source": "https://t.me/thehackernews/9089", "content": "\ud83d\udea8 Gitea flaw exposes private container images without authentication.\n\nhttps://thehackernews.com/2026/05/gitea-vulnerability-exposes-private.html\n\nCVE-2026-27771 affects all Gitea versions before 1.26.2 and likely impacts 30,000+ deployments worldwide. Attackers can pull private images without an account or password.\n\nUpdate now or enable REQUIRE_SIGNIN_VIEW as a temporary workaround.", "creation_timestamp": "2026-05-27T10:09:05.000000Z"}, {"uuid": "b1007ed9-3427-4626-ae5c-22943e3a3e91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27771", "type": "seen", "source": "https://t.me/GithubRedTeam/86139", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #Exploit\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-27771\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a portbuster1337\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-27 15:56:05\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-27771 - Gitea/Forgejo Container Registry Auth Bypass Exploit PoC - Pull private container images without authentication\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-27T16:00:06.000000Z"}, {"uuid": "7c1e9c5c-d8cf-4edc-b022-9489e6017c8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27771", "type": "seen", "source": "https://thehackernews.com/2026/05/gitea-vulnerability-exposes-private.html", "content": "Cybersecurity researchers have disclosed a security flaw in Gitea, an open-source, self-hosted platform for version control, that allows unauthenticated remote attackers to pull private container images from Gitea deployments without requiring an account, password, or other credentials.\n\nThe vulnerability, tracked as CVE-2026-27771 (CVSS score: N/A), affects all versions of Gitea prior to 1.26.2", "creation_timestamp": "2026-05-27T08:06:32.000000Z"}, {"uuid": "d1958074-f083-44a1-8a91-671eb24e03a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27771", "type": "seen", "source": "https://bsky.app/profile/infosecbriefly.bsky.social/post/3mmvwgj5era2p", "content": "CVE-2026-27771 let unauthenticated users pull private container images from affected Gitea instances via anonymous registry requests.\n", "creation_timestamp": "2026-05-28T11:33:31.603908Z"}, {"uuid": "4bc4ad35-9c59-49ee-aa4f-eae68acd57cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27771", "type": "seen", "source": "https://bsky.app/profile/lalgorisme.bsky.social/post/3mmvfhmokq32k", "content": "\ud83e\uddf5Durant uns 4 anys, qualsevol ha pogut descarregar imatges \"privades\" de Gitea sense compte ni contrasenya. Hi ha m\u00e9s de 30.000 inst\u00e0ncies afectades en 30 pa\u00efsos. L'etiqueta \"privat\" senzillament no funcionava com s'esperava al registre de contenidors.\nCVE-2026-27771", "creation_timestamp": "2026-05-28T06:29:55.050778Z"}, {"uuid": "42888755-3b01-43b1-9ba3-514be6ae9ee3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27771", "type": "seen", "source": "https://bsky.app/profile/lalgorisme.bsky.social/post/3mmvfhmoxgd2k", "content": "\ud83e\uddf5Durant uns 4 anys, qualsevol ha pogut descarregar imatges \"privades\" de Gitea sense compte ni contrasenya. Hi ha m\u00e9s de 30.000 inst\u00e0ncies afectades en 30 pa\u00efsos. L'etiqueta \"privat\" senzillament no funcionava com s'esperava al registre de contenidors.\nCVE-2026-27771", "creation_timestamp": "2026-05-28T06:29:55.589484Z"}, {"uuid": "e2e6c796-918b-444d-bd29-1f4a6956067c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27771", "type": "seen", "source": "https://bsky.app/profile/lalgorisme.bsky.social/post/3mmvfhmozet2k", "content": "\ud83e\uddf5Durant uns 4 anys, qualsevol ha pogut descarregar imatges \"privades\" de Gitea sense compte ni contrasenya. Hi ha m\u00e9s de 30.000 inst\u00e0ncies afectades en 30 pa\u00efsos. L'etiqueta \"privat\" senzillament no funcionava com s'esperava al registre de contenidors.\nCVE-2026-27771", "creation_timestamp": "2026-05-28T06:29:56.268314Z"}, {"uuid": "edba9a30-cbaf-45c4-8d9b-9c96cbd196ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27771", "type": "seen", "source": "https://bsky.app/profile/lalgorisme.bsky.social/post/3mmvfhmp3dd2k", "content": "\ud83e\uddf5Durant uns 4 anys, qualsevol ha pogut descarregar imatges \"privades\" de Gitea sense compte ni contrasenya. Hi ha m\u00e9s de 30.000 inst\u00e0ncies afectades en 30 pa\u00efsos. L'etiqueta \"privat\" senzillament no funcionava com s'esperava al registre de contenidors.\nCVE-2026-27771", "creation_timestamp": "2026-05-28T06:29:57.119670Z"}, {"uuid": "b57d8319-6dbc-45a8-8fc0-287f51b0c329", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27771", "type": "seen", "source": "Telegram/69mEbVY8q7JTbOxcU8Y8fk5qjG-y8rxPRlbyP8YZTdzYGyY", "content": "", "creation_timestamp": "2026-05-27T21:02:13.000000Z"}, {"uuid": "6d0e0033-336c-49fc-a57b-6ac715a1edb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27771", "type": "seen", "source": "Telegram/CR33Rmhbqr2sEMDoELtncx05YdfpVXTUFyE7fQfWd38QNhk", "content": "", "creation_timestamp": "2026-05-27T21:00:04.000000Z"}, {"uuid": "07ab76e4-cf1a-43fa-b4b5-c363812a4731", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27771", "type": "seen", "source": "https://t.me/true_secator/8254", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 NoScope \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u044e\u0442, \u0447\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0441\u0435\u0440\u0432\u0438\u0441\u0435 Git Gitea, \u043c\u043e\u0433\u043b\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0447\u0430\u0441\u0442\u043d\u044b\u043c \u043e\u0431\u0440\u0430\u0437\u0430\u043c \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u043e\u0432 \u0438\u0437 \u0431\u043e\u043b\u0435\u0435 \u0447\u0435\u043c 30 000 \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u0439.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a\u00a0CVE-2026-27771 \u0438 \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0430\u044f \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u0439 \u0440\u0435\u0435\u0441\u0442\u0440 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u043e\u0432 Gitea. Forgejo, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0439 \u0442\u0443 \u0436\u0435 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044e, \u0442\u0430\u043a\u0436\u0435 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442. \u0414\u0440\u0443\u0433\u0438\u0435 \u0444\u043e\u0440\u043a\u0438, \u043e\u0441\u043d\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u043d\u0430 Gitea, \u0442\u0430\u043a\u0436\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b.\n\n\u0412 \u0432\u0438\u0434\u0443 \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0442\u0440\u0435\u0431\u043e\u0432\u0430\u043d\u0438\u044f \u043a \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043d\u0435 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u043b\u0438\u0441\u044c \u043a \u043e\u0431\u0440\u0430\u0437\u0430\u043c, \u043f\u043e\u043c\u0435\u0447\u0435\u043d\u043d\u044b\u043c \u043a\u0430\u043a \u0447\u0430\u0441\u0442\u043d\u044b\u0435, \u0430 \u0440\u0435\u0435\u0441\u0442\u0440 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u043e\u0432 \u043f\u043e-\u043f\u0440\u0435\u0436\u043d\u0435\u043c\u0443 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u043b \u0438\u0445 \u0432 \u043e\u0442\u0432\u0435\u0442 \u043d\u0430 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0435 \u0430\u043d\u043e\u043d\u0438\u043c\u043d\u044b\u0435 \u0437\u0430\u043f\u0440\u043e\u0441\u044b Docker/OCI \u043d\u0430 \u0441\u043b\u0438\u044f\u043d\u0438\u0435 \u0447\u0435\u0440\u0435\u0437 API \u0440\u0435\u0435\u0441\u0442\u0440\u0430.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043a\u043e\u0434\u0435 Gitea \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043e\u0432\u0430\u043b\u0430 \u043f\u0440\u0438\u043c\u0435\u0440\u043d\u043e \u0447\u0435\u0442\u044b\u0440\u0435 \u0433\u043e\u0434\u0430, \u043f\u0440\u0435\u0436\u0434\u0435 \u0447\u0435\u043c \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 1.26.2 \u043d\u0430 \u043f\u0440\u043e\u0448\u043b\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435.\n\n\u0420\u0435\u0435\u0441\u0442\u0440 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u043e\u0432 Gitea \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b \u043b\u044e\u0431\u043e\u043c\u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0430, \u0431\u0435\u0437 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438, \u043f\u0430\u0440\u043e\u043b\u044f \u0438 \u043f\u0440\u0435\u0434\u0432\u0430\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u0438\u0437\u0432\u043b\u0435\u043a\u0430\u0442\u044c \u043e\u0431\u0440\u0430\u0437\u044b \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435, \u043d\u0430 \u043f\u0435\u0440\u0432\u044b\u0439 \u0432\u0437\u0433\u043b\u044f\u0434, \u0441\u0447\u0438\u0442\u0430\u043b\u0438\u0441\u044c \u0431\u044b \u0447\u0430\u0441\u0442\u043d\u044b\u043c\u0438, \u0438\u0437 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432, \u043a\u0430\u043a \u0435\u0441\u043b\u0438 \u0431\u044b \u043e\u043d\u0438 \u0431\u044b\u043b\u0438 \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u043c\u0438.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043f\u043e\u043b\u0430\u0433\u0430\u044e\u0442, \u0447\u0442\u043e \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043e\u0431\u0440\u0430\u0437\u044b \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u043e\u0432 \u043c\u043e\u0433\u0443\u0442 \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u0439 \u043a\u043e\u0434, \u0441\u0435\u043a\u0440\u0435\u0442\u044b \u0438 \u0441\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u043e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0439 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0435, \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u0442\u043e\u0439 \u043e\u0448\u0438\u0431\u043a\u0438 \u0431\u0443\u0434\u0443\u0442 \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c\u0438.\n\n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u0434\u0430\u043d\u043d\u044b\u043c NoScope, \u043f\u043e\u0438\u0441\u043a \u0432 Shodan \u0432\u044b\u0434\u0430\u0435\u0442 \u0431\u043e\u043b\u0435\u0435 34 000 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0438\u0437 \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0430 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 Gitea. \u0418\u0437 \u043d\u0438\u0445 \u043f\u0440\u0438\u043c\u0435\u0440\u043d\u043e 93%, \u0438\u043b\u0438 31 750, \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e, \u0443\u044f\u0437\u0432\u0438\u043c\u044b.\n\n\u0410\u043d\u0430\u043b\u0438\u0437 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u0439 \u043f\u043e\u043a\u0430\u0437\u0430\u043b, \u0447\u0442\u043e \u043f\u0440\u0438\u043c\u0435\u0440\u043d\u043e 4000 \u0438\u0437 \u043d\u0438\u0445 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u043b\u0438 \u0441\u043e\u0431\u043e\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0438\u0435 \u043d\u0430 \u043a\u0440\u0443\u043f\u043d\u044b\u0445 \u043e\u0431\u043b\u0430\u0447\u043d\u044b\u0445 \u0438\u043b\u0438 VPS-\u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u0445. \u041e\u043a\u043e\u043b\u043e 7000 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 \u0440\u0430\u0431\u043e\u0442\u0430\u043b\u0438 \u043d\u0430 \u043f\u043e\u0440\u0442\u0443 Gitea \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c NoScope, \u0434\u0430\u043d\u043d\u044b\u0435 \u043e\u0434\u043d\u043e\u0437\u043d\u0430\u0447\u043d\u044b \u0438 \u044d\u0442\u043e \u043d\u0435 \u043c\u0430\u0448\u0438\u043d\u044b \u043e\u0431\u044b\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u0430 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438, \u043f\u0440\u0438\u043d\u044f\u0432\u0448\u0438\u0435 \u0440\u0435\u0448\u0435\u043d\u0438\u0435 \u0440\u0430\u0437\u043c\u0435\u0441\u0442\u0438\u0442\u044c \u0441\u0432\u043e\u044e \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0443 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043d\u0430 \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0445 \u0432\u044b\u0447\u0438\u0441\u043b\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u043c\u043e\u0449\u043d\u043e\u0441\u0442\u044f\u0445, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u0441\u0443\u0440\u0441\u044b \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0433\u043e \u0443\u0440\u043e\u0432\u043d\u044f \u0434\u043b\u044f \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0440\u0430\u0431\u043e\u0447\u0438\u0445 \u043d\u0430\u0433\u0440\u0443\u0437\u043e\u043a.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u044e\u0442 \u043d\u0435\u043c\u0435\u0434\u043b\u0435\u043d\u043d\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c Gitea \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.26.2 \u0438\u043b\u0438 \u0438\u0437\u043c\u0435\u043d\u0438\u0442\u044c \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438, \u0447\u0442\u043e\u0431\u044b \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a\u043e \u0432\u0441\u0435\u043c\u0443 \u043a\u043e\u043d\u0442\u0435\u043d\u0442\u0443 \u0442\u0440\u0435\u0431\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u044d\u0442\u0430 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 \u043d\u0435 \u043f\u043e\u0434\u0445\u043e\u0434\u0438\u0442 \u0434\u043b\u044f \u0441\u043b\u0443\u0447\u0430\u0435\u0432, \u043a\u043e\u0433\u0434\u0430 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u044b \u043d\u0430\u043c\u0435\u0440\u0435\u043d\u043d\u043e \u0441\u0442\u0430\u043d\u043e\u0432\u044f\u0442\u0441\u044f \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u043c\u0438; \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u0432 \u0442\u0430\u043a\u043e\u0439 \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u0438 \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u0442\u0449\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u0432\u0437\u0432\u0435\u0441\u0438\u0442\u044c \u0432\u0441\u0435 \u0437\u0430 \u0438 \u043f\u0440\u043e\u0442\u0438\u0432.", "creation_timestamp": "2026-05-28T14:43:19.000000Z"}, {"uuid": "5608d769-a0df-4f98-8dff-c70f47e953ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27771", "type": "seen", "source": "https://bsky.app/profile/technoholic.bsky.social/post/3mmwdnbqbrc2j", "content": "Security flaw in Gitea (CVE-2026-27771) allows unauthenticated remote attackers to access private container images\u2014affects all versions before 1.26.2. Update now!", "creation_timestamp": "2026-05-28T15:29:56.553835Z"}, {"uuid": "98a5b13c-5e70-4b2d-a2ca-65e8a39cc6ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-27771", "type": "seen", "source": "https://bsky.app/profile/bladews.fosstodon.org.ap.brid.gy/post/3mmwebhvvdwq2", "content": "Gitea CVE-2026-27771: Private Container Images Were Never Private\n\nhttps://byteiota.com/gitea-cve-2026-27771-private-container-images-were-never-private/", "creation_timestamp": "2026-05-28T15:41:20.702207Z"}, {"uuid": "f6576bec-8ee6-48f3-ae67-d69702bb21f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27771", "type": "seen", "source": "Telegram/4EvRsx4wkIBGmtV9q0ZaHiSSvBRlpxxqVvtdsqPjBZBFUQ", "content": "", "creation_timestamp": "2026-05-27T13:29:59.000000Z"}, {"uuid": "fc490583-35aa-4099-98e6-85111d59465a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27771", "type": "seen", "source": "https://t.me/realcodeb0ss/450", "content": "[The Most Advanced In All The Earth and The World.]\n\nhttps://thehackernews.com/2026/05/gitea-vulnerability-exposes-private.html\n\nhttps://horizon3.ai/attack-research/vulnerabilities/cve-2026-27771/\n\nhttps://orca.security/resources/blog/gitea-container-registry-vulnerability/\n\n\nFofa : app=\"Gitea\" - (245,703 Records)\n\nShodan : http.html:\"Gitea\"\n\nProofs are posted in the comments,\nFor any problems, or to purchase VIP access and features, please contact: @uncodeboss\n\n\nThis content is shared strictly for authorized testing, educational, \nand research purposes only. It is not intended for malicious use. All techniques, tools, \nor information provided are meant to demonstrate security concepts and to raise awareness in a controlled and legal environment. \nPlease do not remove or flag this content, as it is shared responsibly for learning and academic purposes.", "creation_timestamp": "2026-05-31T14:13:54.000000Z"}, {"uuid": "3d12fba1-22b0-4c7b-9347-bba1a0806979", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27771", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-27771.yaml", "content": "", "creation_timestamp": "2026-05-30T13:12:12.000000Z"}]}