CVE-2026-4890 covers two problems, one of which
was conincidentally fixed in release 2.92, hence
there are two patches. One applies to release 2.92
and the other to release 2.91 and earlier.