๐Ÿ” CVE Alert

CVE-2026-15036

MEDIUM 4.3

Harness gitspaces Endpoint list_all.go getAuthorizedSpaces authorization

CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th

A vulnerability was determined in Harness up to 2.28.2. This vulnerability affects the function getAuthorizedSpaces of the file app/api/controller/gitspace/list_all.go of the component gitspaces Endpoint. Executing a manipulation can lead to authorization bypass. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

CWE CWE-639 CWE-285
Vendor n/a
Product harness
Published Jul 8, 2026
Last Updated Jul 8, 2026
Stay Ahead of the Next One

Get instant alerts for n/a harness

Be the first to know when new medium vulnerabilities affecting n/a harness are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

n/a / Harness
2.28.0 2.28.1 2.28.2

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
vuldb.com: https://vuldb.com/vuln/376787 vuldb.com: https://vuldb.com/vuln/376787/cti vuldb.com: https://vuldb.com/cve/CVE-2026-15036 vuldb.com: https://vuldb.com/submit/851013 github.com: https://github.com/harness/harness/issues/3689 github.com: https://github.com/harness/harness/

Credits

๐Ÿ” geochen (VulDB User) VulDB CNA Team