A critical vulnerability in Gitea, the popular open-source self-hosted Git service, exposed over thirty thousand deployments to unauthorized access, allowing anyone on the internet to pull supposedly private container images without authentication. The flaw, tracked as CVE-2026-27771, had existed in the code for roughly four years before being patched last week in version 1.26.2. It potentially exposed sensitive information such as source code, secrets, and production infrastructure details. Security researchers at NoScope discovered that around four thousand of the affected instances were production systems running on major cloud platforms, raising significant concerns for organizations that self-host their development infrastructure.