View at Official alpine advisory, NVD, CVE.org · CVE detail
Freshness: no update timestamp found; verify against the upstream OS advisory manually.
CVE-2026-20904: 1 source package rows (gitea); 44 state rows across 2 repos (3.23-community, edge-community); fixed 0, open 44.
Gitea does not properly validate ownership when toggling OpenID URI visibility. An authenticated user may be able to change the visibility settings of other users' OpenID identities.