CVE-2026-11440 | theonedev up to 15.0.5 REST API default-branch project.defaultBranch improper authorization

SecurityVulns

A vulnerability was found in theonedev onedev up to 15.0.5. It has been rated as critical. It affects an unknown part of the file /repositories/{projectId}/default-branch of the component REST API. Manipulation of the argument project.defaultBranch causes improper authorization.

This vulnerability is identified as CVE-2026-11440. The attack can be initiated remotely. There is no exploit available.

Upgrading the affected component is advised.