CVE-2026-24007
MEDIUMTuleap < 17.0-9 - Cross-Site Request Forgery in Overview Inconsistent Items
Title source: llmDescription
Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap is missing CSRF protection in the Overview inconsistent items. An attacker could use this vulnerability to trick victims into repairing inconsistent items (creating artifact links from the release). This vulnerability is fixed in Tuleap Community Edition 17.0.99.1768924735 and Tuleap Enterprise Edition 17.2-5, 17.1-6, and 17.0-9.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_confirm
https://github.com/Enalean/tuleap/security/advisories/GHSA-7g48-rwqj-ffxw
Patch x_refsource_misc
https://github.com/Enalean/tuleap/commit/5ec5e81e409892fe0e41f11d5d36ee6c85a6fbb5
Various Sources x_refsource_misc
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=5ec5e81e409892fe0e41f11d5d36ee6c85a6fbb5
Various Sources x_refsource_misc
https://tuleap.net/plugins/tracker/?aid=46389
Scores
CVSS v3
4.6
EPSS
0.0014
EPSS Percentile
3.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-352
Status
published
Products (2)
enalean/tuleap
< 17.0-9
enalean/tuleap
< 17.0.99.1768924735
Published
Feb 02, 2026
Tracked Since
Feb 18, 2026