CVE-2026-20904

Publication date

2026-01-22 22:01:51

Family

Gitea

State

PUBLISHED

Description

Gitea does not properly validate ownership when toggling OpenID URI visibility. An authenticated user may be able to change the visibility settings of other users OpenID identities.