A vulnerability was identified in theonedev onedev up to 15.0.5. It affects the function canAccessIssue of the file /issues/ of the component Pull Request Handler. Manipulation of the argument issue leads to improper authorization. The attack can be launched remotely. Upgrading to version 15.0.6 resolves this issue, and upgrading the affected component is advised.
CVE-2026-11440 is a vulnerability in onedev up to 15.0.5. It affects an unknown part of the file /repositories/{projectId}/default-branch of the component REST API. Manipulation of the argument project.defaultBranch causes improper authorization. The attack can be initiated remotely. Upgrading to version 15.0.6 mitigates this issue, and upgrading the affected component is advised.
CVE-2026-11438 is a vulnerability found in theonedev onedev up to version 15.0.5. It affects an unknown functionality of the file /projects, where manipulation of the argument project.forkedFromId leads to improper authorization. This vulnerability can be exploited remotely. Upgrading to version 15.0.6 addresses this issue.