CVE-2026-49248 | theonedev up to 15.0.6 Symbolic Links TarUtils.untar symlink (GHSA-55g8-94r5-cj37)
A vulnerability was found in theonedev onedev up to 15.0.6 and has been classified as critical. It affects the function TarUtils.untar of the component Symbolic Links Handler. Manipulation leads to symlink following.
This vulnerability is cataloged as CVE-2026-49248. It is possible to initiate the attack remotely. There is no exploit available.
Upgrading the affected component is recommended.