CVE-2026-24007

Severity: Medium · CVSS 3.1 base score: 4.6 · EPSS: 3.7%
Published: Feb 2, 2026 · Last Modified: Jun 17, 2026

Description

Tuleap is an open source suite for managing software development and collaboration. Tuleap is missing CSRF protection on the repair of inconsistent items in the Overview. An attacker could use this vulnerability to trick victims into repairing inconsistent items (creating artifact links from the release). This vulnerability is fixed in Tuleap Community Edition 17.0.99.1768924735 and Tuleap Enterprise Edition 17.2-5, 17.1-6, and 17.0-9.

CVSS Details

Base Score: 4.6
Exploitability: 2.1
Impact: 2.5
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: Low

Threat Intelligence

EPSS Exploit Probability: 3.7% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Weaknesses 1

CWE-352 Cross-Site Request Forgery (CSRF) Authentication

Affected Products 4

Vendor   Product  Version  Range
enalean  tuleap   *        <17.0-9
enalean  tuleap   *        <17.0.99.1768924735
enalean  tuleap   *        ≥17.1 – <17.1-6
enalean  tuleap   *        ≥17.2 – <17.2-5

References 4

  • github.com https://github.com/Enalean/tuleap/commit/5ec5e81e409892fe0e41f11d5d36ee6c85a6fbb5
    Patch
  • github.com https://github.com/Enalean/tuleap/security/advisories/GHSA-7g48-rwqj-ffxw
    Patch, Vendor Advisory
  • tuleap.net https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=5ec5e81e409892fe0e41f11d5d36ee6c85a6fbb5
    Broken Link
  • tuleap.net https://tuleap.net/plugins/tracker/?aid=46389
    Issue Tracking

Remediation

  • github.com https://github.com/Enalean/tuleap/commit/5ec5e81e409892fe0e41f11d5d36ee6c85a6fbb5
    Patch
  • github.com https://github.com/Enalean/tuleap/security/advisories/GHSA-7g48-rwqj-ffxw
    Patch, Vendor Advisory