LOW
songquanpeng
CVE published 2026-06-07
CVE-2026-11465
A business logic error vulnerability has been discovered in the one-api project, specifically in the Redemption Code Top-Up Endpoint. The issue is caused by a flaw in the `Redeem` function of the `model/redemption.go` file. This vulnerability allows remote attackers to manipulate the business logic, although it requires a high level of complexity and is known to be difficult to exploit. The CVSS score for [truncated]