Home > Vulnerability Database > CVE-2026-24007

Mend.io Vulnerability Database

CVE-2026-24007

Good to know:

Date: February 2, 2026

Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap is missing CSRF protection in the Overview inconsistent items. An attacker could use this vulnerability to trick victims into repairing inconsistent items (creating artifact links from the release). This vulnerability is fixed in Tuleap Community Edition 17.0.99.1768924735 and Tuleap Enterprise Edition 17.2-5, 17.1-6, and 17.0-9.

Severity Score

4.6

Related Resources (6)

Url: https://github.com/Enalean/tuleap/commit/5ec5e81e409892fe0e41f11d5d36ee6c85a6fbb5

Url: https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=5ec5e81e409892fe0e41f11d5d36ee6c85a6fbb5

Url: https://github.com/Enalean/tuleap/security/advisories/GHSA-7g48-rwqj-ffxw

Url: https://tuleap.net/plugins/tracker/?aid=46389

Url: https://nvd.nist.gov/vuln/detail/CVE-2026-24007

Url: https://www.mend.io/vulnerability-database/CVE-2026-24007

Severity Score

4.6

Weakness Type (CWE)

Cross-Site Request Forgery (CSRF)

CWE-352

Top Fix

Upgrade Version

Upgrade to version https://github.com/Enalean/tuleap.git - 17.3

Learn More

CVSS v3.1

Base Score:	4.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2026-24007

Good to know:

Date: February 2, 2026

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?