cvedb.io
CVE-2026-20904
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2026-01-22T22:16:19.130 · Last modified 2026-06-17T10:18:00.723

Summary

Gitea does not properly validate ownership when toggling OpenID URI visibility. An authenticated user may be able to change the visibility settings of other users' OpenID identities.

Affected products

gitea — gitea

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.