theonedev Pull Request issues canAccessIssue improper authorization_CVE-2026-11441

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

Description

A vulnerability was identified in theonedev onedev up to 15.0.5. This vulnerability affects the function canAccessIssue of the file /issues/ of the component Pull Request Handler. Such manipulation of the argument issue leads to improper authorization. It is possible to launch the attack remotely. Upgrading to version 15.0.6 is able to resolve this issue. It is advisable to upgrade the affected component.

Basic Information

ID CVE-2026-11441

Source VulDB

Published Jun 6, 2026 at 17:45

Affected Product

Vendor theonedev

Product onedev

Version 15.0.0

Affected Versions theonedev onedev 15.0.0
theonedev onedev 15.0.1
theonedev onedev 15.0.2
theonedev onedev 15.0.3
theonedev onedev 15.0.4
theonedev onedev 15.0.5

CWE Classification

CWE-285 CWE-266

References

{
    "lastseen": "",
    "description": "A vulnerability was identified in theonedev onedev up to 15.0.5. This vulnerability affects the function canAccessIssue of the file /issues/ of the component Pull Request Handler. Such manipulation of the argument issue leads to improper authorization. It is possible to launch the attack remotely. Upgrading to version 15.0.6 is able to resolve this issue. It is advisable to upgrade the affected component.",
    "published": "2026-06-06T17:45:10.650Z",
    "modified": "2026-06-06T17:45:10.650Z",
    "type": "cve",
    "title": "theonedev Pull Request issues canAccessIssue improper authorization",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/369021\nhttps://vuldb.com/vuln/369021/cti\nhttps://vuldb.com/cve/CVE-2026-11441\nhttps://vuldb.com/submit/822957\nhttps://www.cnblogs.com/aibot/p/19994142\nhttps://github.com/theonedev/onedev/releases/tag/v15.0.6",
    "id": "CVE-2026-11441",
    "bulletinFamily": "",
    "cwe": [
        "CWE-285",
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "theonedev onedev 15.0.0\ntheonedev onedev 15.0.1\ntheonedev onedev 15.0.2\ntheonedev onedev 15.0.3\ntheonedev onedev 15.0.4\ntheonedev onedev 15.0.5",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "onedev",
    "version": "15.0.0",
    "vendor": "theonedev",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}