CVE-2026-56782

CRITICAL NUCLEI LAB

Gorse - Unauthenticated Database Dump and Restore via /api/dump and /api/restore Endpoints

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2026-56782. PoCs published by thecodeb0ss, BiiTts. A Nuclei detection template is also available.

AI-analyzed exploit summary The repository contains no actual exploit code or technical details about CVE-2026-56782. It only includes a README with an image and a Telegram link, suggesting external distribution of the PoC, which is a common social engineering tactic.

Description

Gorse before 0.5.10 contains an authentication bypass vulnerability in the /api/dump and /api/restore endpoints that allows unauthenticated attackers to access protected functionality when admin_api_key is empty, which is the default configuration. Remote attackers can exfiltrate the entire database including user records, items, and feedback data containing personally identifiable information, or completely overwrite the dataset without authentication.

Exploits (2)

github SUSPICIOUS
by thecodeb0ss · poc
https://github.com/thecodeb0ss/CVE-2026-56782

The repository contains no actual exploit code or technical details about CVE-2026-56782. It only includes a README with an image and a Telegram link, suggesting external distribution of the PoC, which is a common social engineering tactic.

Classification
Suspicious 99%
No auth needed
mistral-large-3 · analyzed Jul 03, 2026 Full analysis →
github WORKING POC
by BiiTts · pythonpoc
https://github.com/BiiTts/CVE-2026-56782-Gorse-Auth-Bypass

This repository contains a functional exploit PoC for CVE-2026-56782, an authentication bypass vulnerability in Gorse < 0.5.10. The exploit demonstrates unauthenticated access to sensitive endpoints (/api/dump and /api/restore) due to a fail-open check in the checkAdmin function when admin_api_key is unset.

Classification
Working Poc 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Gorse < 0.5.10
No auth needed
Prerequisites: Network access to the Gorse master HTTP server (default port 8088) · Gorse version < 0.5.10 with default or empty admin_api_key configuration
mistral-large-3 · analyzed Jun 30, 2026 Full analysis →

Nuclei Templates (1)

Gorse < 0.5.10 - Unauthenticated Database Dump
CRITICALVERIFIEDby 0x_Akoko
FOFA: title="Gorse Dashboard"

Scores

CVSS v3 9.8
EPSS 0.0302
EPSS Percentile 85.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Lab Environment

COMMUNITY
Community Lab
docker pull zhenghaoz/gorse-in-one:0.5.8

Details

CWE
CWE-306
Status published
Products (2)
gorse-io/gorse < 0.5.10
gorse-io/gorse 0.5.10
Published Jun 29, 2026
Tracked Since Jun 29, 2026