GO-2026-4369 Gitea does not properly validate ownership when toggling OpenID URI visibility in code.gitea.io/gitea

Gitea does not properly validate ownership when toggling OpenID URI visibility in code.gitea.io/gitea...

BIT-GITEA-2026-20904 Gitea: Broken access control in OpenID visibility toggle enables cross-user visibility changes

Gitea does not properly validate ownership when toggling OpenID URI visibility. An authenticated user may be able to change the visibility settings of other users' OpenID identities...

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the ToggleUserOpenIDVisibility function. An authenticated attacker can modify the visibility settings of other users' OpenID identities. Remediation Upgrade...