A vulnerability categorized as critical has been discovered in theonedev onedev up to 15.0.5 . This vulnerability affects the function canAccessIssue of the file /issues/ of the component Pull Request Handler . Such manipulation of the argument issue leads to improper authorization. This vulnerability is referenced as CVE-2026-11441 . It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.