CVE-2026-5816

Removed by vendor...

CVE-2026-5816

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to improper path validation under certain conditions...

CVE-2026-5816

CVE-2026-5816 affects GitLab CE/EE prior to 18.10.4 and prior to 18.11.1, with an issue in path validation that could allow an unauthenticated user to execute arbitrary JavaScript in a user’s browser session. GitLab has released patches in versions 18.10.4 and 18.11.1 to remediate this. The vulne...

CVE-2026-5816 Improper Resolution of Path Equivalence in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to improper path validation under certain conditions...

CVE-2026-6515 Insufficient Session Expiration in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions...

CVE-2026-6515

Removed by vendor...

CVE-2026-6515 Insufficient Session Expiration in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions...

CVE-2026-6515

GitLab CVE-2026-6515 affects GitLab CE/EE versions 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1. The issue could allow a user to reuse invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions (insufficient session expiration). Remed...

CVE-2026-6515

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions...

PT-2026-34519

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.11 through 18.11.0 Description Improper access control in the issue description rendering process could allow an authenticated user to access titles of confidential or private issues within public projects...

PT-2026-34518

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 16.1.0 through 18.9.5 GitLab CE/EE versions 18.10 through 18.10.3 GitLab CE/EE versions 18.11 through 18.11.0 Description Improper input validation under certain conditions could allow an unauthenticated user to access...

GitLab 18.10 < 18.10.4 / 18.11 < 18.11.1 (CVE-2026-5816)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute arbitrary JavaScript...

PT-2026-34521

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.2 through 18.9.5 GitLab CE/EE versions 18.10 through 18.10.3 GitLab CE/EE versions 18.11 through 18.11.0 Description An issue exists that could allow a user to access Virtual Registries under certain conditions by usin...

GitLab 17.0 < 18.9.6 / 18.10 < 18.10.4 / 18.11 < 18.11.1 (CVE-2026-4922)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute...

PT-2026-34523

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 17.0 through 18.9.5 GitLab CE/EE versions 18.10 through 18.10.3 GitLab CE/EE versions 18.11 through 18.11.0 Description Insufficient CSRF Cross-Site Request Forgery protection could allow an unauthenticated user to execut...

PT-2026-34469

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 10.6 through 18.9.5 GitLab CE/EE versions 18.10 through 18.10.3 GitLab CE/EE versions 18.11 through 18.11.0 Description An issue exists where an authenticated user can cause a denial of service by exhausting server...

GitLab 跨站脚本漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Versions of GitLab CE/EE prior to 18.9.6, 18.10.4, and 18.11.1 containe...

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Vulnerabilities exist in versions of GitLab CE/EE before 18.10.4 and...

PT-2026-34520

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.10 through 18.10.3 GitLab CE/EE versions 18.11 through 18.11.0 Description An issue exists where improper path validation under certain conditions could allow an unauthenticated user to execute arbitrary JavaScript in ...

GitLab CE/EE 跨站请求伪造漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE prior to 18.9.6, 18.10.4, and 18.11.1 had a...