CVE-2026-4524
MEDIUMAuthentication Bypass Using an Alternate Path or Channel in GitLab
Title source: cnaExploitation Summary
EIP tracks 1 public exploit for CVE-2026-4524. PoCs published by CyruxSec.
AI-analyzed exploit summary This repository contains a functional Python script that exploits CVE-2026-4524, a Local File Inclusion (LFI) vulnerability in WordPress Madara Theme versions < 2.2.2.1. The script sends crafted HTTP POST requests to the vulnerable endpoint `/wp-admin/admin-ajax.php` with a payload that includes a directory traversal path to read `/etc/passwd`.
Description
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to access confidential issue content in public projects without proper authorization due to improper authorization checks.
Exploits (1)
This repository contains a functional Python script that exploits CVE-2026-4524, a Local File Inclusion (LFI) vulnerability in WordPress Madara Theme versions < 2.2.2.1. The script sends crafted HTTP POST requests to the vulnerable endpoint `/wp-admin/admin-ajax.php` with a payload that includes a directory traversal path to read `/etc/passwd`.
References (3)
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N