GitLab CE/EE CVE-2026-6515

| EUVD-2026-25048 MEDIUM
Insufficient Session Expiration (CWE-613)
2026-04-22 GitLab GHSA-h8q5-vxrg-qgmf
Information Disclosure Gitlab
5.4
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Apr 23, 2026 - 00:17 vuln.today
Patch available
Apr 22, 2026 - 17:33 EUVD

DescriptionNVD

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions.

AnalysisAI

GitLab CE/EE versions 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 allow authenticated users to access Virtual Registries using invalidated or incorrectly scoped credentials under certain conditions, resulting in unauthorized information disclosure and modification. The vulnerability requires valid user credentials and network access but no user interaction, affecting confidentiality and integrity with partial technical impact per SSVC. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-6515 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy