CVE-2026-15036
Received Received - Intake

Authorization Bypass in Harness Gitspaces Endpoint

Vulnerability report for CVE-2026-15036, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-08

Last updated on: 2026-07-08

Assigner: VulDB

Description

A vulnerability was determined in Harness up to 2.28.2. This vulnerability affects the function getAuthorizedSpaces of the file app/api/controller/gitspace/list_all.go of the component gitspaces Endpoint. Executing a manipulation can lead to authorization bypass. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-08
Last Modified
2026-07-08
Generated
2026-07-08
AI Q&A
2026-07-08
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
harness harness to 2.28.2 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-285 The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-15036 is an authorization bypass vulnerability in the Harness platform affecting the getAuthorizedSpaces function in the gitspaces endpoint. The issue arises because the code does not properly enforce space-level authorization checks. Specifically, when a user is removed from a space, the function fails to skip marking that space as authorized due to missing control flow logic. This allows an authenticated user, even after removal, to access gitspace configurations they should no longer have permission to see.

The vulnerability allows the user to retrieve sensitive information such as access keys, SSH commands, and URLs from gitspaces they are no longer authorized to access.

Impact Analysis

This vulnerability can impact you by allowing unauthorized access to sensitive gitspace configurations after you have been removed from a space. An attacker or unauthorized user could retrieve access keys and connection details, potentially continuing to access and manipulate development environments remotely.

If a gitspace instance remains running after a user is removed, the exposed access keys could be used to maintain unauthorized access, leading to potential data exposure or manipulation within your development environment.

Detection Guidance

This vulnerability can be detected by monitoring access to the `GET /api/v1/gitspaces` endpoint on the Harness platform. Specifically, look for unauthorized retrievals of gitspace configurations from spaces where the user should no longer have access.

Since the issue involves an authorization bypass in the `getAuthorizedSpaces()` function, detection can involve checking logs for requests to the gitspaces endpoint by users who have been removed from certain spaces but still receive data from those spaces.

No explicit detection commands are provided in the available resources, but network monitoring tools or API request logs can be queried for suspicious access patterns to `/api/v1/gitspaces`.

Mitigation Strategies

Immediate mitigation steps include restricting access to the `GET /api/v1/gitspaces` endpoint to only fully authorized users and monitoring for any unauthorized access attempts.

Since the vulnerability allows users removed from a space to still access its gitspace configurations, it is important to revoke or rotate any exposed access keys or credentials associated with those gitspaces.

Additionally, consider disabling or limiting the use of gitspace instances for users who have been removed until a patch or fix is available.

Currently, the project has not responded with a fix, so monitoring for updates and applying patches once available is critical.

Compliance Impact

The vulnerability allows an authenticated user who has been removed from a space to bypass authorization and access sensitive gitspace configurations, including access keys, SSH commands, and URLs. This unauthorized access to sensitive information could lead to exposure of personal or confidential data.

Such unauthorized access and potential data exposure may impact compliance with standards and regulations like GDPR and HIPAA, which require strict access controls and protection of sensitive data.

However, the provided information does not explicitly state the direct impact on compliance with these regulations.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-15036. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart