CVE-2026-44647
CVE-2026-44647 affects OneDev (Git server with CI/CD, kanban, and packages). Before version 15.0.2, a repository object can steer raw blob reads to arbitrary local files accessible by the server process, breaking boundary between LFS metadata and server filesystem paths. Impact: a user with push ...