What is the CVSS score of CVE-2026-4363?

CVE-2026-4363 has a CVSS 3.1 base score of 3.7 (Low). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N. EPSS exploitation probability: 0.0%.

Which versions of Gitlab are affected by CVE-2026-4363?

CVE-2026-4363 is a low-severity vulnerability in GitLab EE affecting all (CVSS 3.7).. A patch is available.

Gitlab CVE-2026-4363

EUVD-2026-15481 LOW

Incorrect Authorization (CWE-863)

2026-03-25 GitLab

GHSA-c3cq-wgrq-qm9r

Authentication Bypass Gitlab

3.7

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 25, 2026 - 15:16 euvd

EUVD-2026-15481

Analysis Generated

Mar 25, 2026 - 15:16 vuln.today

CVE Published

Mar 25, 2026 - 15:04 nvd

LOW 3.7

DescriptionNVD

GitLab has remediated an issue in GitLab EE affecting all versions from 18.1 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user to gain unauthorized access to resources due to improper caching of authorization decisions.

AnalysisAI

GitLab EE versions 18.1 through 18.8.6, 18.9.0 through 18.9.2, and 18.10.0 suffer from improper caching of authorization decisions that allows authenticated users to gain unauthorized access to resources under certain conditions. The vulnerability requires user interaction and has relatively high attack complexity, but impacts confidentiality and integrity of accessed resources. …

RemediationAI

During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-3515 HIGH This Week

8.5 May 24

Command injection in Prefect 3.6.18's GitHub integration allows authenticated users to execute arbitrary git commands th

CVE-2026-9807 MEDIUM This Month POC

4.3 May 28

Incorrect authorization enforcement in GitLab CE/EE permits a blocked Project Access Token to continue reading private p

CVE-2026-4868 HIGH This Week

8.2 May 27

Identity confusion in GitLab EE's Duo AI workflow runners lets an authenticated, low-privileged user cause specific Duo

CVE-2026-1402 MEDIUM This Month

6.5 May 27

Denial of service in GitLab CE/EE affects all versions from 17.1 through those prior to 18.10.7, 18.11.4, and 19.0.1, al

CVE-2026-6713 MEDIUM This Month

5.3 May 27

Unauthorized private project enumeration in GitLab CE/EE exposes confidential project metadata to unauthenticated networ

Vendor StatusVendor

Debian

gitlab

Release	Status	Fixed Version	Urgency
sid	fixed	17.6.5-19	-
(unstable)	not-affected	-	-

CVE-2026-4363 vulnerability details – vuln.today

Back