PatchSiren cyber security CVE debrief
CVE-2026-11441 theonedev CVE debrief
A vulnerability was identified in theonedev onedev up to 15.0.5. It affects the function canAccessIssue of the file /issues/ in the Pull Request Handler component. Manipulating the argument issue leads to improper authorization. The attack can be launched remotely. Upgrading to version 15.0.6 resolves this issue, and upgrading the affected component is advised.
- Vendor: theonedev
- Product: onedev
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-06
- Original CVE updated: 2026-06-08
- Advisory published: 2026-06-06
- Advisory updated: 2026-06-08
Who should care
Users of theonedev onedev up to version 15.0.5
Technical summary
The vulnerability has a CVSS score of 5.3 and a severity of MEDIUM. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Defensive priority
MEDIUM
Recommended defensive actions
- Upgrade to version 15.0.6 or later
Evidence notes
Vendor: Unknown Vendor, Product: onedev, Version: up to 15.0.5
Official resources
CVE-2026-11441 was published on 2026-06-06T18:16:53.443Z and modified on 2026-06-08T14:57:14.757Z.