A vulnerability was found in theonedev onedev up to 15.0.5 . It has been classified as critical . Affected by this vulnerability is an unknown functionality of the file /projects . The manipulation of the argument project.forkedFromId leads to improper authorization. This vulnerability is uniquely identified as CVE-2026-11438 . The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.