CVE-2026-15036 | Harness up to 2.28.2 gitspaces Endpoint list_all.go getAuthorizedSpaces authorization (Issue 3689)
A vulnerability was found in Harness up to 2.28.2 and classified as problematic. This vulnerability affects the function getAuthorizedSpaces of the file app/api/controller/gitspace/list_all.go of the component gitspaces Endpoint. Executing a manipulation can lead to authorization bypass.
This vulnerability is handled as CVE-2026-15036. The attack can be executed remotely. Additionally, an exploit exists.
The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More