CVE-2026-11438 | theonedev up to 15.0.5 /projects project.forkedFromId improper authorization

A vulnerability was found in theonedev onedev up to 15.0.5. It has been classified as critical. Affected by this vulnerability is an unknown functionality of the file /projects. The manipulation of the argument project.forkedFromId leads to improper authorization.

This vulnerability is uniquely identified as CVE-2026-11438. The attack is possible to be carried out remotely. No exploit exists.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More