What is the CVSS score of CVE-2026-1751?

CVE-2026-1751 has a CVSS 3.1 base score of 3.1 (Low). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N. EPSS exploitation probability: 0.0%.

Which versions of Gitlab are affected by CVE-2026-1751?

CVE-2026-1751 is a low-severity vulnerability in GitLab CE/EE affecting all involving missing authorization (CVSS 3.1).

Is there a public PoC exploit available for CVE-2026-1751?

Yes, a public proof-of-concept exploit is available for CVE-2026-1751. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-1751?

During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.

Gitlab CVE-2026-1751

LOW

Missing Authorization (CWE-862)

2026-02-02 cve@gitlab.com

Gitlab

3.1

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

3.1 LOW

AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:01 vuln.today

PoC Detected

Feb 04, 2026 - 14:34 vuln.today

Public exploit code

CVE Published

Feb 02, 2026 - 10:16 nvd

LOW 3.1

DescriptionCVE.org

A vulnerability has been discovered in GitLab CE/EE affecting all versions starting with 16.8 before 18.5.0 that could have allowed unauthorized edits to merge request approval rules under certain conditions.

AnalysisAI

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	CVSS 3.1 (LOW). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker without authentication could exploit this vulnerability to compromise the affected system.
Remediation	Monitor vendor advisories for a patch. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

During next maintenance window: Apply vendor patches when convenient. …

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-8589 HIGH This Week POC

8.7 Jun 11

Stored cross-site scripting and account integrity abuse in GitLab Enterprise Edition versions 13.1.4 through 18.10.7, 18

CVE-2026-10087 HIGH This Week POC

8.7 Jun 11

Stored cross-site scripting in GitLab Enterprise Edition's Analytics Dashboard allows an authenticated developer-role us

CVE-2026-6552 HIGH This Week POC

8.7 Jun 11

Account takeover in GitLab Enterprise Edition versions 15.5 through 19.0.2 allows an authenticated group Owner to hijack

CVE-2026-7250 HIGH This Week POC

7.5 Jun 11

Denial of service in GitLab CE/EE versions 12.10 through 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 allows un

CVE-2026-1500 MEDIUM This Month POC

6.5 Jun 11

Uncontrolled resource consumption in GitLab CE/EE's file upload processing pipeline enables any authenticated user to tr

CVE-2026-1751 vulnerability details – vuln.today

Back

Gitlab CVE-2026-1751

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Vulnerability AssessmentAI

Recommended ActionAI

More from same product – last 7 days

Share

External POC / Exploit Code