## https://sploitus.com/exploit?id=218F452A-21BB-5C45-BA4F-3B03FD83B20D
# CVE-2026-20896 Lab
This repository provides a small, self-contained lab for exploring the CVE-2026-20896 issue in a controlled and authorized environment.
## Overview
The lab includes:
- [poc.py](poc.py): my customized proof-of-concept script that demonstrates the issue and exports browser-ready cookie files
- [detect.py](detect.py): a checker based on the original project at https://github.com/rz1027/CVE-2026-20896
- [docker-compose.yml](docker-compose.yml): a local Gitea lab setup based on the same original reference
## Purpose
This project is intended strictly for education, research, and authorized security testing. It should only be used against systems you own or are explicitly authorized to test.
## Quick Start
1. Start the lab environment:
```bash
docker compose up -d
```
2. Verify that the service is reachable:
```bash
python3 detect.py http://localhost:3000
```
3. Run the proof-of-concept:
```bash
python3 poc.py http://localhost:3000 admin
```
## How It Works
The vulnerability is related to reverse-proxy authentication handling in Gitea. When reverse-proxy authentication is enabled, Gitea can trust the X-WEBAUTH-USER header if the trusted proxy configuration is too permissive.
In a vulnerable setup, an attacker who can reach the service directly may be able to spoof this header and impersonate another user. The PoC demonstrates that behavior in a controlled environment and exports cookies that can be imported into a browser for testing purposes.
## Disclaimer
This repository is provided for educational and authorized security testing only.
By using this project, you agree that:
- you have explicit permission to test the target system,
- you will not use it against any unauthorized service,
- you are solely responsible for your actions and any consequences that result.
The authors and contributors assume no liability for misuse or damage.
## Notes
- The lab uses Gitea 1.26.2, which is the vulnerable version referenced in the related discussion.
- The scripts are intended for local, safe, and authorized testing only.
- If you are testing a real deployment, ensure you have written permission before proceeding.
## Attribution
The original reference for the detection logic and lab setup is:
- https://github.com/rz1027/CVE-2026-20896
This repository uses that work as a reference for the lab environment and detection approach. The PoC script in [poc.py](poc.py) has been customized and is presented as my own implementation.
Please preserve attribution when reusing or adapting this work.
## License
This project is licensed under the MIT License. See [LICENSE](LICENSE) for details.