Is Gitlab affected by CVE-2026-4363?

CVE-2026-4363 is a low-severity vulnerability in GitLab EE affecting all (CVSS 3.7). The limited severity suggests constrained impact, typically requiring specific conditions or local access for exploitation. Apply vendor updates when available as part of routine maintenance.

CVE-2026-4363

EUVD-2026-15481 LOW

2026-03-25 GitLab

GHSA-c3cq-wgrq-qm9r

3.7

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 25, 2026 - 15:16 euvd

EUVD-2026-15481

Analysis Generated

Mar 25, 2026 - 15:16 vuln.today

CVE Published

Mar 25, 2026 - 15:04 nvd

LOW 3.7

Description

GitLab has remediated an issue in GitLab EE affecting all versions from 18.1 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user to gain unauthorized access to resources due to improper caching of authorization decisions.

Analysis

GitLab EE versions 18.1 through 18.8.6, 18.9.0 through 18.9.2, and 18.10.0 suffer from improper caching of authorization decisions that allows authenticated users to gain unauthorized access to resources under certain conditions. The vulnerability requires user interaction and has relatively high attack complexity, but impacts confidentiality and integrity of accessed resources. …

Remediation

During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +18

POC: 0

Vendor Status

Debian

gitlab

Release	Status	Fixed Version	Urgency
sid	fixed	17.6.5-19	-
(unstable)	not-affected	-	-

CVE-2026-4363 vulnerability details – vuln.today

Back

CVE-2026-4363

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Vendor Status

Debian

Share

CVE-2026-4363

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Vendor Status

Debian

Share

External POC / Exploit Code