Skip to main content

GitLab CE/EE CVE-2026-4524

| EUVDEUVD-2026-30229 MEDIUM
Authentication Bypass Using an Alternate Path or Channel (CWE-288)
2026-05-14 cve@gitlab.com GHSA-95pv-g7fc-7pxj
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jun 08, 2026 - 10:50 vuln.today
Patch available
May 14, 2026 - 07:01 EUVD

DescriptionCVE.org

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to access confidential issue content in public projects without proper authorization due to improper authorization checks.

AnalysisAI

Improper authorization in GitLab CE/EE exposes confidential issue content to any authenticated user on public projects across three active release branches. The flaw (CWE-288) allows a low-privileged, authenticated user - including users with no project membership - to read issue content that project owners explicitly marked confidential and restricted. With patch versions released on May 13, 2026 and no public exploit or KEV listing identified at time of analysis, the immediate threat is bounded, though the confidentiality impact is rated High by CVSS given the potential for sensitive business or security-relevant issue data to be disclosed.

Technical ContextAI

GitLab's issue tracker supports a 'confidential' flag on issues within public projects, intended to restrict visibility to project members and above while keeping the project itself publicly accessible. CWE-288 (Authentication Bypass Using an Alternate Path or Channel) indicates that an alternate code path or API endpoint in GitLab's authorization layer fails to enforce the confidential-issue visibility check, allowing the restriction to be bypassed by any authenticated session. Affected products are identified by CPE as both GitLab Community Edition and Enterprise Edition (cpe:2.3:a:gitlab:gitlab). The vulnerability spans the 18.9, 18.10, and 18.11 release trains, suggesting the defect was introduced or carried forward during that development window and was not caught by authorization unit tests across those branches.

RemediationAI

Upgrade to the vendor-patched releases: GitLab 18.9.7, 18.10.6, or 18.11.3, all made available via the May 13, 2026 patch release at https://about.gitlab.com/releases/2026/05/13/patch-release-gitlab-18-11-3-released/. GitLab.com hosted instances were patched automatically; self-managed administrators must apply the update manually. As a compensating control prior to patching, organizations can convert sensitive confidential issues into private projects rather than public ones, since the vulnerability specifically requires the project to be publicly accessible - this eliminates the attack surface entirely but sacrifices public project visibility. Alternatively, reviewing and temporarily removing confidential-issue content from public projects that contain genuinely sensitive data reduces exposure risk without requiring downtime. No side-effect concerns are documented for the patch itself.

More in Gitlab

View all
CVE-2023-7028 CRITICAL POC
10.0 Jan 12

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.

CVE-2013-4490 MEDIUM POC
6.5 May 13

The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x

CVE-2021-22205 CRITICAL POC
10.0 Apr 23

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. Rated critical severity (CVSS 10

CVE-2022-2992 CRITICAL POC
9.9 Oct 17

A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows

CVE-2018-18843 CRITICAL POC
10.0 Dec 04

The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4

CVE-2024-45409 CRITICAL POC
9.8 Sep 10

The Ruby SAML library is for implementing the client side of a SAML authorization. Rated critical severity (CVSS 9.8), t

CVE-2022-1162 CRITICAL POC
9.8 Apr 04

A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. Rated critical severity (CVSS 9.8)

CVE-2022-0735 CRITICAL POC
9.8 Mar 28

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions star

CVE-2021-22175 CRITICAL POC
9.8 Jun 11

When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab af

CVE-2021-22203 CRITICAL POC
9.8 Apr 02

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7.9 before 13.8.7, all versions sta

CVE-2019-15741 CRITICAL POC
9.8 Sep 16

An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. Rated critical severity (CVSS 9.8), this vulnerability is

CVE-2019-6960 CRITICAL POC
9.8 Sep 09

An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6

Share

CVE-2026-4524 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy