Gorse - Unauthenticated Database Dump and Restore via /api/dump and /api/restore Endpoints
Title source: cnaExploitation Summary
EIP tracks 2 public exploits for CVE-2026-56782. PoCs published by thecodeb0ss, BiiTts. A Nuclei detection template is also available.
AI-analyzed exploit summary The repository contains no actual exploit code or technical details about CVE-2026-56782. It only includes a README with an image and a Telegram link, suggesting external distribution of the PoC, which is a common social engineering tactic.
Description
Gorse before 0.5.10 contains an authentication bypass vulnerability in the /api/dump and /api/restore endpoints that allows unauthenticated attackers to access protected functionality when admin_api_key is empty, which is the default configuration. Remote attackers can exfiltrate the entire database including user records, items, and feedback data containing personally identifiable information, or completely overwrite the dataset without authentication.
Exploits (2)
The repository contains no actual exploit code or technical details about CVE-2026-56782. It only includes a README with an image and a Telegram link, suggesting external distribution of the PoC, which is a common social engineering tactic.
This repository contains a functional exploit PoC for CVE-2026-56782, an authentication bypass vulnerability in Gorse < 0.5.10. The exploit demonstrates unauthenticated access to sensitive endpoints (/api/dump and /api/restore) due to a fail-open check in the checkAdmin function when admin_api_key is unset.
Nuclei Templates (1)
title="Gorse Dashboard"
References (4)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H