CVE-2026-11439 | theonedev up to 15.0.5 Parent Project /projects/ project.parentId improper authorization

SecurityVulns
Yanac

A vulnerability was found in theonedev onedev up to 15.0.5. It has been declared as critical. Affected by this issue is some unknown functionality of the file /projects/ of the component Parent Project Handler. The manipulation of the argument project.parentId results in improper authorization.

This vulnerability was named CVE-2026-11439. The attack may be performed from remote. There is no available exploit.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More