📄 Description (English)
A vulnerability was determined in theonedev onedev up to 15.0.5. This affects an unknown part of the file /repositories/{projectId}/default-branch of the component REST API. This manipulation of the argument project.defaultBranch causes improper authorization. It is possible to initiate the attack remotely. Upgrading to version 15.0.6 is able to mitigate this issue. Upgrading the affected component is advised.
🤖 AI Executive Summary
CVE-2026-11440 is a medium-severity authorization bypass vulnerability in OneDev versions up to 15.0.5 affecting the REST API endpoint for managing default branch settings. An unauthenticated or low-privileged attacker can manipulate the project.defaultBranch parameter to bypass authorization controls and modify repository configurations remotely. While no public exploit is available, the vulnerability requires immediate patching to version 15.0.6 or later to prevent unauthorized repository modifications.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Jun 6, 2026 22:18
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability poses significant risk to Saudi organizations using OneDev for source code management, particularly in government agencies (NCA, CITC), financial institutions (SAMA-regulated banks), and critical infrastructure operators (ARAMCO, SEC). The authorization bypass could allow unauthorized modification of code repositories, leading to supply chain attacks, code tampering, and unauthorized access to sensitive development assets. Government and defense contractors are especially at risk due to reliance on secure code repositories for classified projects.
🏢 Affected Saudi Sectors
Government and Public Administration
Banking and Financial Services
Energy and Utilities
Telecommunications
Healthcare
Defense and Security
Technology and Software Development
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
6.8
/ 10.0
🔧 Remediation Steps (English)
1. IMMEDIATE ACTIONS:
- Identify all OneDev instances in your environment running versions up to 15.0.5
- Restrict network access to OneDev REST API endpoints, particularly /repositories/{projectId}/default-branch
- Review access logs for suspicious API calls modifying project.defaultBranch parameter
- Implement IP whitelisting for API access if possible
2. PATCHING GUIDANCE:
- Upgrade OneDev to version 15.0.6 or later immediately
- Test patches in non-production environment first
- Schedule maintenance window for production upgrades
- Verify authorization controls function correctly post-upgrade
3. COMPENSATING CONTROLS (if immediate patching not possible):
- Implement Web Application Firewall (WAF) rules to block requests modifying project.defaultBranch parameter
- Enable multi-factor authentication for all OneDev administrative accounts
- Implement API rate limiting and request validation
- Deploy reverse proxy with request filtering
4. DETECTION RULES:
- Monitor for POST/PUT requests to /repositories/*/default-branch endpoints
- Alert on project.defaultBranch parameter modifications from non-admin accounts
- Track changes to repository default branch settings in audit logs
- Implement SIEM rules for unauthorized API authentication attempts
🔧 خطوات المعالجة (العربية)
1. الإجراءات الفورية:
- تحديد جميع مثيلات OneDev في بيئتك التي تعمل بالإصدارات حتى 15.0.5
- تقييد الوصول إلى نقاط نهاية REST API، خاصة /repositories/{projectId}/default-branch
- مراجعة سجلات الوصول للاتصالات المريبة التي تعدل معامل project.defaultBranch
- تطبيق قائمة بيضاء IP لوصول API إن أمكن
2. إرشادات التصحيح:
- ترقية OneDev إلى الإصدار 15.0.6 أو أحدث فورًا
- اختبار التصحيحات في بيئة غير الإنتاج أولاً
- جدولة نافذة صيانة لترقيات الإنتاج
- التحقق من عمل عناصر التحكم في التفويض بشكل صحيح بعد الترقية
3. عناصر التحكم البديلة (إذا لم يكن التصحيح الفوري ممكنًا):
- تطبيق قواعد جدار حماية تطبيقات الويب لحظر الطلبات التي تعدل معامل project.defaultBranch
- تفعيل المصادقة متعددة العوامل لجميع حسابات OneDev الإدارية
- تطبيق تحديد معدل API والتحقق من الطلبات
- نشر وكيل عكسي مع تصفية الطلبات
4. قواعد الكشف:
- مراقبة طلبات POST/PUT إلى نقاط نهاية /repositories/*/default-branch
- تنبيه عند تعديلات معامل project.defaultBranch من حسابات غير إدارية
- تتبع التغييرات على إعدادات الفرع الافتراضي للمستودع في سجلات التدقيق
- تطبيق قواعد SIEM لمحاولات المصادقة غير المصرح بها للـ API
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.9.2.1 - User access management and authorization controls
ECC 2024 A.9.4.3 - Password management and access control
ECC 2024 A.12.4.1 - Event logging and monitoring
ECC 2024 A.14.2.1 - Secure development and change management
🔵 SAMA CSF
SAMA CSF ID.AC-1 - Access Control Policy
SAMA CSF PR.AC-1 - Identities and credentials are managed
SAMA CSF DE.CM-1 - The network is monitored for unauthorized connections
SAMA CSF DE.AE-1 - A baseline of network operations is established
🟡 ISO 27001:2022
ISO 27001:2022 A.5.3 - Segregation of duties
ISO 27001:2022 A.8.2 - User registration and de-registration
ISO 27001:2022 A.8.3 - User access provisioning
ISO 27001:2022 A.9.2 - User access management
ISO 27001:2022 A.12.4 - Logging
🔗 References & Sources 6
🔗
🔗
🔗
🔗
🔗
🔗
https://github.com/theonedev/onedev/releases/tag/v15.0.6
cna@vuldb.com
https://vuldb.com/cve/CVE-2026-11440
cna@vuldb.com
https://vuldb.com/submit/822956
cna@vuldb.com
https://vuldb.com/vuln/369020
cna@vuldb.com
https://vuldb.com/vuln/369020/cti
cna@vuldb.com
https://www.cnblogs.com/aibot/p/19994142
cna@vuldb.com