CVE-2026-11439 – theonedev Parent Project projects improper authorization

CVE ID :CVE-2026-11439

Published : June 6, 2026, 6:16 p.m. | 16 minutes ago

Description :A vulnerability was found in theonedev onedev up to 15.0.5. Affected by this issue is some unknown functionality of the file /projects/ of the component Parent Project Handler. The manipulation of the argument project.parentId results in improper authorization. The attack may be performed from remote. Upgrading to version 15.0.6 can resolve this issue. It is recommended to upgrade the affected component.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-11440 – theonedev REST API default-branch improper authorization

CVE-2026-11441 – theonedev Pull Request issues canAccessIssue improper authorization

CVE-2026-11438 – theonedev projects improper authorization

CVE-2026-11437 – perfree go-fastdfs-web Installation Endpoint checkServer server-side request forgery