Stats Digest Feeds
← Back to CVEs

Product: Gitlab

8 CVEs — Subscribe via RSS

CVE-2026-8716 MEDIUM 4.3 2026-05-27

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.7 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user to access CI data from a different ref type than intended.

CVE-2026-4868 HIGH 8.2 2026-05-27

GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that, under certain conditions, could have allowed an authenticated user to cause specific Duo AI workflows to run under another user's identity due to improper user identity resolution when triggering Duo AI workflow runners.

CVE-2026-5296 MEDIUM 4.3 2026-05-27

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that when foundational flows were enabled at the group level, could have allowed an authenticated user with developer-role permissions to bypass flow restrictions under certain conditions.

CVE-2026-6713 MEDIUM 5.3 2026-05-27

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an unauthorized user to enumerate private projects due to incorrect authorization checks.

CVE-2026-2601 MEDIUM 4.3 2026-05-27

GitLab has remediated an issue in GitLab EE affecting all versions from 11.5 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to access sensitive deployment data on projects due to improper authorization checks.

CVE-2026-1402 MEDIUM 6.5 2026-05-27

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user to cause denial of service due to insufficient validation.

GitLab CE/EE: Mehrere Schwachstellen HIGH 7.5 2026-04-09

Ein Angreifer kann mehrere Schwachstellen in GitLab ausnutzen, um Informationen offenzulegen, Daten zu manipulieren, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen oder Cross-Site-Scripting-Angriffe durchzuführen.

GitLab: Mehrere Schwachstellen HIGH 7.5 2026-03-26

Ein Angreifer kann mehrere Schwachstellen in GitLab ausnutzen, um Dateien zu manipulieren, um Sicherheitsvorkehrungen zu umgehen, um einen Denial of Service Angriff durchzuführen, um Informationen offenzulegen, und um einen Cross-Site Scripting Angriff durchzuführen.