Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to access confidential issue content in public projects without proper authorization due to improper authorization checks.
AnalysisAI
Improper authorization in GitLab CE/EE exposes confidential issue content to any authenticated user on public projects across three active release branches. The flaw (CWE-288) allows a low-privileged, authenticated user - including users with no project membership - to read issue content that project owners explicitly marked confidential and restricted. With patch versions released on May 13, 2026 and no public exploit or KEV listing identified at time of analysis, the immediate threat is bounded, though the confidentiality impact is rated High by CVSS given the potential for sensitive business or security-relevant issue data to be disclosed.
Technical ContextAI
GitLab's issue tracker supports a 'confidential' flag on issues within public projects, intended to restrict visibility to project members and above while keeping the project itself publicly accessible. CWE-288 (Authentication Bypass Using an Alternate Path or Channel) indicates that an alternate code path or API endpoint in GitLab's authorization layer fails to enforce the confidential-issue visibility check, allowing the restriction to be bypassed by any authenticated session. Affected products are identified by CPE as both GitLab Community Edition and Enterprise Edition (cpe:2.3:a:gitlab:gitlab). The vulnerability spans the 18.9, 18.10, and 18.11 release trains, suggesting the defect was introduced or carried forward during that development window and was not caught by authorization unit tests across those branches.
RemediationAI
Upgrade to the vendor-patched releases: GitLab 18.9.7, 18.10.6, or 18.11.3, all made available via the May 13, 2026 patch release at https://about.gitlab.com/releases/2026/05/13/patch-release-gitlab-18-11-3-released/. GitLab.com hosted instances were patched automatically; self-managed administrators must apply the update manually. As a compensating control prior to patching, organizations can convert sensitive confidential issues into private projects rather than public ones, since the vulnerability specifically requires the project to be publicly accessible - this eliminates the attack surface entirely but sacrifices public project visibility. Alternatively, reviewing and temporarily removing confidential-issue content from public projects that contain genuinely sensitive data reduces exposure risk without requiring downtime. No side-effect concerns are documented for the patch itself.
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.
The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. Rated critical severity (CVSS 10
A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows
The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4
The Ruby SAML library is for implementing the client side of a SAML authorization. Rated critical severity (CVSS 9.8), t
A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. Rated critical severity (CVSS 9.8)
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions star
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab af
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7.9 before 13.8.7, all versions sta
An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. Rated critical severity (CVSS 9.8), this vulnerability is
An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-30229
GHSA-95pv-g7fc-7pxj