PT-2026-5715 · Unknown · Tuleap Community Edition+1

Jmasson +1 · Published 2026-02-02 · Updated 2026-02-03 · CVE-2026-24007

CVSS v3.1: 4.6 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Tuleap Community Edition versions prior to 17.0.99.1768924735
Tuleap Enterprise Edition versions 17.2-5, 17.1-6, and 17.0-9

Description

Tuleap lacks CSRF protection in the Overview inconsistent items feature. An attacker could exploit this to trick users into creating artifact links from the release by repairing inconsistent items. The vulnerability allows an attacker to perform actions on behalf of an authenticated user without their knowledge.

Recommendations

Update Tuleap Community Edition to version 17.0.99.1768924735 or later.
Update Tuleap Enterprise Edition to version 17.2-5, 17.1-6, or 17.0-9 or later.

Exploit

Fix

Weakness Enumeration

CSRF

Related Identifiers

CVE-2026-24007
GHSA-7G48-RWQJ-FFXW

Affected Products

Tuleap Community Edition
Tuleap Enterprise Edition