15 matches found
CVE-2026-8716
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.7 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user to access CI data from a different ref type than intended...
CVE-2026-3073
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.6 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to bypass PyPI package protection rules and upload restricted packages due to...
UBUNTU-CVE-2026-1660
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to cause denial of service when importing issues due to improper input validation...
CVE-2026-5173
GitLab CE/EE is affected across multiple tracks: 16.9.6+ eligible, prior 18.x branches up to 18.8.9, 18.9 up to 18.9.4, and 18.10 up to 18.10.2. Root cause: improper access control allowed an authenticated user to invoke unintended server-side methods via websocket connections. Impact: potential ...
CVE-2026-1663
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with group import permissions to create labels in private projects due to improper authorization validation in th...
CVE-2026-1069
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by sending specially crafted GraphQL requests due to uncontrolled recursion under certain circumstances...
CVE-2026-3857
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to execute arbitrary GraphQL mutations on behalf of authenticated users due to insufficient CSRF protection...
CVE-2026-2973
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to execute arbitrary JavaScript in a user's browser due to improper sanitization of entity-encoded content in...
PT-2026-27803
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 16.10 through 18.8.6 GitLab CE/EE versions 18.9 through 18.9.2 GitLab CE/EE versions 18.10 through 18.10.0 Description An authenticated user could potentially cause a denial of service by exploiting excessive resource...
BIT-GITLAB-2025-12704 Missing Authorization in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to access Virtual Registry data in groups where they are not members due to improper authorization under certain...
CVE-2026-1182 Improper Removal of Sensitive Information Before Storage or Transfer in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to gain unauthorized access to confidential issue title created in public projects under certain circumstances...
CVE-2026-1663
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with group import permissions to create labels in private projects due to improper authorization validation in th...
PT-2026-21993
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 16.2 through 18.7.4 GitLab CE/EE versions 18.8 through 18.8.4 GitLab CE/EE versions 18.9 through 18.9.0 Description A flaw exists in GitLab CE/EE that, under specific conditions, could allow an unauthenticated user to...
PT-2026-7517
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 8.0 through 18.6.5 GitLab CE/EE versions 18.7 through 18.7.3 GitLab CE/EE versions 18.8 through 18.8.3 Description GitLab CE/EE is susceptible to a denial of service condition. An unauthenticated user can potentially caus...
CVE-2026-1102
CVE-2026-1102 affects GitLab CE/EE. Affected are all versions from 12.3 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2. The issue allowed an unauthenticated user to trigger a denial-of-service condition by sending repeated malformed SSH authentication requests. Remediation is in the pa...