CVE-2026-11441
MediumCVSS 6.3Summary
A vulnerability was identified in onedev up to version 15.0.5, affecting the canAccessIssue function in the /issues/ file of the Pull Request Handler component. Manipulation of the issue argument leads to improper authorization.
Risk Assessment
The vulnerability allows for remote exploitation, potentially leading to unauthorized access to system resources.
Recommendation
It is advisable to upgrade to version 15.0.6 to resolve this issue.
Original NVD description (English source)
A vulnerability was identified in theonedev onedev up to 15.0.5. This vulnerability affects the function canAccessIssue of the file /issues/ of the component Pull Request Handler. Such manipulation of the argument issue leads to improper authorization. It is possible to launch the attack remotely. Upgrading to version 15.0.6 is able to resolve this issue. It is advisable to upgrade the affected component.

