A vulnerability was found in Harness up to 2.28.2 and classified as problematic. This vulnerability affects the function
getAuthorizedSpaces of the file app/api/controller/gitspace/list_all.go of the component gitspaces Endpoint. Executing a manipulation can lead to authorization bypass.
This vulnerability is handled as CVE-2026-15036. The attack can be executed remotely. Additionally, an exploit exists.
The project was informed of the problem early through an issue report but has not responded yet.