CVE-2026-11465 | songquanpeng one-api up to 0.6.11-preview.7 Redemption Code Top-Up Endpoint model/redemption.go Redeem logic error (Issue 2397)

Inserito da Angelo Barbosa | Giu 7, 2026 | CVE

A vulnerability, which was classified as critical, was found in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors.

This vulnerability is cataloged as CVE-2026-11465. The attack may be launched remotely. Furthermore, there is an exploit available.

The pull request to fix this issue awaits acceptance.

CVE-2026-11465 | songquanpeng one-api up to 0.6.11-preview.7 Redemption Code Top-Up Endpoint model/redemption.go Redeem logic error (Issue 2397)

Post correlati

CVE-2024-53311 | Immunity Debugger 1.85 Input stack-based overflow

CVE-2025-11924 | Ninja Forms Plugin up to 3.13.1/3.13.2 on WordPress REST Endpoint resource injection

CVE-2024-1968 | scrapy up to 2.11.1 information disclosure

CVE-2024-28269 | ReCrystallize Server 5.10.0.0 unrestricted upload