CVE-2026-15036 | Harness up to 2.28.2 gitspaces Endpoint list_all.go getAuthorizedSpaces authorization (Issue 3689)

SecurityVulns

A vulnerability was found in Harness up to 2.28.2 and classified as problematic. This vulnerability affects the function getAuthorizedSpaces of the file app/api/controller/gitspace/list_all.go of the component gitspaces Endpoint. Executing a manipulation can lead to authorization bypass.

This vulnerability is handled as CVE-2026-15036. The attack can be executed remotely. Additionally, an exploit exists.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More