CVE-2026-4524

MEDIUM

Authentication Bypass Using an Alternate Path or Channel in GitLab

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-4524. PoCs published by CyruxSec.

AI-analyzed exploit summary This repository contains a functional Python script that exploits CVE-2026-4524, a Local File Inclusion (LFI) vulnerability in WordPress Madara Theme versions < 2.2.2.1. The script sends crafted HTTP POST requests to the vulnerable endpoint `/wp-admin/admin-ajax.php` with a payload that includes a directory traversal path to read `/etc/passwd`.

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to access confidential issue content in public projects without proper authorization due to improper authorization checks.

Exploits (1)

github WORKING POC
by CyruxSec · pythonpoc
https://github.com/CyruxSec/CVE-2026-4524

This repository contains a functional Python script that exploits CVE-2026-4524, a Local File Inclusion (LFI) vulnerability in WordPress Madara Theme versions < 2.2.2.1. The script sends crafted HTTP POST requests to the vulnerable endpoint `/wp-admin/admin-ajax.php` with a payload that includes a directory traversal path to read `/etc/passwd`.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: WordPress Madara Theme < 2.2.2.1
No auth needed
Prerequisites: List of target URLs in a text file · Python environment with `requests` and `colorama` libraries
mistral-large-3 · analyzed Jun 13, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 6.5
EPSS 0.0029
EPSS Percentile 20.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-288
Status published
Products (4)
GitLab/GitLab 18.10 - 18.10.6
GitLab/GitLab 18.11 - 18.11.3
GitLab/GitLab 18.9.1 - 18.9.7
gitlab/gitlab 18.9.1 - 18.9.7 (2 CPE variants)
Published May 14, 2026
Tracked Since May 14, 2026