General-Purpose System Vulnerabilities
Vulnerabilities related to traditional IT systems, servers, and desktop applications.

| CVE ID | Description | Severity | Published | Type |
|---|---|---|---|---|
| CVE-2026-20904 | Gitea does not properly validate ownership when toggling OpenID URI visibility. An authenticated user may be able to ch… | Medium (6.5) | 2026-01-22 | General-Purpose |
| CVE-2026-20897 | Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repo… | Critical (9.1) | 2026-01-22 | General-Purpose |
| CVE-2026-20888 | Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface. A user with re… | Medium (4.3) | 2026-01-22 | General-Purpose |
| CVE-2026-20883 | Gitea's stopwatch API does not re-validate repository access permissions. After a user's access to a private repository… | Medium (6.5) | 2026-01-22 | General-Purpose |
| CVE-2026-20800 | Gitea's notification API does not re-validate repository access permissions when returning notification details. After … | Medium (6.5) | 2026-01-22 | General-Purpose |