CVE-2026-20912 is a critical vulnerability in Gitea, a popular open-source software development platform. The issue arises from Gitea's improper validation of repository ownership when linking attachments to releases. This flaw could allow an attachment uploaded to a private repository to be linked to a release in a different public repository, making it accessible to unauthorized users. The v [truncated]
CVE-2026-20897 is a critical vulnerability in Gitea, a popular open-source Git repository manager. The issue arises from Gitea's improper validation of repository ownership when deleting Git LFS (Large File Storage) locks. This flaw allows a user with write access to one repository to potentially delete LFS locks belonging to other repositories, which could lead to data integrity issues and unauthorized a [truncated]