CVE Catalog

CVE-2026-11465

LowCVSS 3.1
Published: Updated: Translated: NVD NIST

Summary

A security flaw has been discovered in songquanpeng one-api up to version 0.6.11-preview.7, affecting the Redeem function in the file model/redemption.go. Manipulation of this function results in business logic errors.

Risk Assessment

An attacker may remotely exploit this vulnerability, but it requires a high level of complexity. The release of exploits increases the risk of attacks on the system.

Recommendation

It is recommended to implement the fix as soon as possible, which is currently awaiting acceptance in the pull request.

Original NVD description (English source)

A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotely. The attack requires a high level of complexity. The exploitation is known to be difficult. The exploit has been released to the public and may be used for attacks. The pull request to fix this issue awaits acceptance.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS