What is the CVSS score of CVE-2026-5377?

CVE-2026-5377 has a CVSS 3.1 base score of 4.3 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. EPSS exploitation probability: 0.0%.

Is there a public PoC exploit available for CVE-2026-5377?

Yes, a public proof-of-concept exploit is available for CVE-2026-5377. Prioritise patching immediately. EPSS: 0.0%.

Is there a patch available for CVE-2026-5377?

Yes, a patch is available for CVE-2026-5377. Update the affected software to the latest version immediately.

GitLab CE/EE CVE-2026-5377

EUVD-2026-25044 MEDIUM

Incorrect Authorization (CWE-863)

2026-04-22 GitLab

Authentication Bypass Gitlab

4.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

PoC Detected

Apr 23, 2026 - 20:37 vuln.today

Public exploit code

Patch released

Apr 23, 2026 - 20:37 nvd

Patch available

Analysis Generated

Apr 23, 2026 - 00:17 vuln.today

Patch available

Apr 22, 2026 - 17:33 EUVD

EUVD ID Assigned

Apr 22, 2026 - 16:31 euvd

EUVD-2026-25044

Analysis Generated

Apr 22, 2026 - 16:31 vuln.today

CVE Published

Apr 22, 2026 - 16:04 nvd

MEDIUM 4.3

DescriptionNVD

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that could have allowed an authenticated user to access titles of confidential or private issues in public projects due to improper access control in the issue description rendering process.

AnalysisAI

GitLab CE/EE 18.11 before 18.11.1 allows authenticated users to bypass access controls and read titles of confidential or private issues in public projects through improper validation in the issue description rendering process. The vulnerability requires valid user credentials but no elevated privileges, affecting the confidentiality of issue metadata that should be restricted. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-3515 HIGH This Week

8.5 May 24

Command injection in Prefect 3.6.18's GitHub integration allows authenticated users to execute arbitrary git commands th

CVE-2026-9807 MEDIUM This Month POC

4.3 May 28

Incorrect authorization enforcement in GitLab CE/EE permits a blocked Project Access Token to continue reading private p

CVE-2026-4868 HIGH This Week

8.2 May 27

Identity confusion in GitLab EE's Duo AI workflow runners lets an authenticated, low-privileged user cause specific Duo

CVE-2026-1402 MEDIUM This Month

6.5 May 27

Denial of service in GitLab CE/EE affects all versions from 17.1 through those prior to 18.10.7, 18.11.4, and 19.0.1, al

CVE-2026-6713 MEDIUM This Month

5.3 May 27

Unauthorized private project enumeration in GitLab CE/EE exposes confidential project metadata to unauthenticated networ

CVE-2026-5377 vulnerability details – vuln.today

Back

GitLab CE/EE CVE-2026-5377

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

More from same product – last 7 days

Share

External POC / Exploit Code