
Vendor: GitLab

Vendor security scorecard – 108 CVEs in the selected period

Period (selector on the original page): 30d / 90d / 6m / 1y / All

Risk score: 361
CVEs: 108
Critical: 4
High: 36
KEV (listed in the CISA Known Exploited Vulnerabilities catalog): 0
PoC (public proof-of-concept available): 22
Unpatched Critical/High: 22
Patch rate: 48.1%
Average EPSS: 0.0%

Severity Breakdown (108 CVEs in total)

Critical: 4
High: 36
Medium: 55
Low: 13

Monthly CVE Trend (chart on the original page; its data is not reproduced in this extract)

Top Risky CVEs

Columns: CVE | Severity | CVSS | EPSS | Priority (the scorecard's own ranking score) | Signals. The summary follows each row.

CVE-2026-3857 | HIGH | CVSS 8.1 | EPSS 0.0% | Priority 61 | Signals: PoC
    A Cross-Site Request Forgery (CSRF) vulnerability in GitLab CE/EE lets an attacker who lures a logged-in user to a crafted page execute arbitrary GraphQL mutations in that user's session without their consent; the attacker needs no account of their own. Affects all versions from 17.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1. A public proof-of-concept exploit is available (HackerOne report 3584382), which raises the likelihood of exploitation.

CVE-2026-4922 | HIGH | CVSS 8.1 | EPSS 0.0% | Priority 61 | Signals: PoC
    CSRF in GitLab CE/EE allows a remote, unauthenticated attacker to execute GraphQL mutations as an authenticated victim via a crafted web page. Affects all versions from 17.0 through 18.11.0; fixed in 18.9.6, 18.10.4 and 18.11.1. Public exploit code exists (HackerOne report 3627285). Although the CVSS score is 8.1, exploitation requires user interaction (phishing or other social engineering) and CISA's SSVC assessment rates it as not automatable; it was not in the CISA KEV catalog at the time of analysis.

CVE-2026-5262 | HIGH | CVSS 8.0 | EPSS 0.0% | Priority 60 | Signals: PoC
    Cross-site scripting in GitLab's Storybook development environment allows a remote, unauthenticated attacker to steal access tokens from a user who is induced to interact with crafted content. Affects GitLab CE/EE versions 16.1.0 through 18.9.5, 18.10 through 18.10.3, and 18.11.0. Public exploit code exists (HackerOne report 3574642); CISA's SSVC assessment recorded no confirmed active exploitation at the time of analysis. The CVSS score of 8.0 reflects high confidentiality and integrity impact with a scope change (S:C), but the high attack complexity (AC:H) and required user interaction (UI:R) mean exploitation needs targeted social engineering rather than automated mass exploitation.

CVE-2026-5816 | HIGH | CVSS 8.0 | EPSS 0.0% | Priority 60 | Signals: PoC
    Cross-site scripting (XSS) in GitLab CE/EE versions 18.10.0 through 18.10.3 and 18.11.0 lets an unauthenticated attacker execute arbitrary JavaScript in a victim's browser session via improper path validation. GitLab disclosed it with public exploit code available (HackerOne report 3572231); CISA's SSVC assessment recorded no confirmed active exploitation at the time of analysis. The CVSS score of 8.0 reflects the changed scope (S:C), i.e. impact beyond the vulnerable component, while high attack complexity (AC:H) and required user interaction (UI:R) limit ease of exploitation. Patched in 18.10.4 and 18.11.1.

CVE-2026-2995 | HIGH | CVSS 7.7 | EPSS 0.0% | Priority 59 | Signals: PoC
    Improper HTML sanitization in GitLab EE versions 15.4 through 18.10.1 allows an authenticated user to add email addresses to arbitrary user accounts, which can lead to account takeover or unauthorized access escalation. Public exploit code exists. The summary states that no patch is available, although the affected range is bounded at 18.10.1; check GitLab's advisory for the current fix status before relying on either statement. Until a fix is applied, restrict which users can modify account details and review recently added secondary email addresses on privileged accounts.

CVE-2026-3988 | HIGH | CVSS 7.5 | EPSS 0.0% | Priority 58 | Signals: PoC
    A denial-of-service vulnerability in GitLab CE/EE GraphQL request processing, caused by inefficient algorithmic complexity (CWE-407) when handling untrusted input. Affects all versions from 18.5 through 18.8.6, 18.9 through 18.9.2, and 18.10 before 18.10.1. An unauthenticated remote attacker can exploit it with low complexity to make an instance unresponsive; a public proof-of-concept exploit is available (HackerOne report 3597342).

CVE-2026-2745 | MEDIUM | CVSS 6.8 | EPSS 0.0% | Priority 54 | Signals: PoC
    GitLab CE/EE contains an authentication bypass in the WebAuthn two-factor authentication implementation caused by inconsistent input validation, allowing an attacker who has not completed authentication to bypass the WebAuthn second factor and gain access to user accounts. The affected range is unusually wide: all versions from 7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1. A proof-of-concept exploit is public. The CVSS score of 6.8 indicates moderate severity, but an authentication bypass with a public PoC is a significant real-world threat to GitLab deployments.

CVE-2026-1724 | MEDIUM | CVSS 6.8 | EPSS 0.0% | Priority 54 | Signals: PoC
    An improper access control vulnerability in GitLab EE allows unauthenticated users to retrieve the API tokens configured for self-hosted AI models. Affects versions 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1, so any organization on these versions that has configured self-hosted model integrations is exposed. With a CVSS score of 6.8 and public proof-of-concept code, this is a significant credential-exposure risk: patch promptly, and treat the configured model tokens as exposed and rotate them.

CVE-2026-1660 | MEDIUM | CVSS 6.5 | EPSS 0.1% | Priority 53 | Signals: PoC
    Denial of service in GitLab CE/EE allows an authenticated user to trigger excessive resource consumption during issue import because user-supplied data is not properly validated. Affects all versions from 12.3 onwards; fixed in 18.9.6, 18.10.4 and 18.11.1. Public exploit code exists, and CISA's SSVC assessment rates it as exploitable but not automatable at scale.

CVE-2025-13436 | MEDIUM | CVSS 6.5 | EPSS 0.0% | Priority 53 | Signals: PoC
    A denial-of-service vulnerability in GitLab CE/EE CI-related input handling allows an authenticated user to consume excessive server resources and render the service unavailable. Affects versions 13.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 on all installation types. A public proof-of-concept exists (HackerOne report 3418149); CISA has not added it to the KEV catalog, and its SSVC assessment rates it as not automatable, with no evidence of exploitation in the wild.

CVE-2025-0186 | MEDIUM | CVSS 6.5 | EPSS 0.0% | Priority 53 | Signals: PoC
    An authenticated user can cause denial of service in GitLab CE/EE versions 10.6 through 18.11.0 by sending crafted requests to the discussions endpoint that exhaust server resources. Valid credentials are required. Public exploit code exists; CISA has not listed it in the KEV catalog, but exploitation likelihood is moderate given the public PoC and the low complexity of resource-exhaustion attacks.

CVE-2025-3922 | MEDIUM | CVSS 6.5 | EPSS 0.0% | Priority 53 | Signals: PoC
    An authenticated user can cause denial of service in GitLab by overwhelming system resources through the GraphQL API, which lacks sufficient resource-allocation limits. Affects versions 12.4 through 18.11.0 across three release branches. Public exploit code exists; active exploitation has not been confirmed in the CISA KEV catalog. The CVSS score of 6.5 reflects high availability impact tempered by the need for valid credentials.

CVE-2025-6016 | MEDIUM | CVSS 6.5 | EPSS 0.0% | Priority 53 | Signals: PoC
    Denial of service in GitLab CE/EE: an authenticated user with standard privileges can trigger resource exhaustion, and thus service unavailability, by retrieving notes under specific conditions with crafted requests, remotely and without any user interaction. Affects versions 9.2 through 18.9.5, 18.10.0 through 18.10.3, and 18.11.0. A public exploit exists, and GitLab has released patches.

CVE-2025-13078 | MEDIUM | CVSS 6.5 | EPSS 0.0% | Priority 53 | Signals: PoC
    A denial-of-service vulnerability in GitLab CE/EE webhook configuration processing allows an authenticated user to consume excessive server resources. Affects versions 16.10 through 18.10.0. An attacker with valid GitLab credentials triggers it by submitting specially crafted webhook configuration input, making the application unavailable. A proof-of-concept exploit is public on HackerOne, and patches are available for the affected versions.

CVE-2026-1868 | CRITICAL | CVSS 9.9 | EPSS 0.0% | Priority 50 | Signals: No patch
    Server-side template injection in the Duo Workflow Service of the GitLab AI Gateway enables code execution through the AI workflow system. The scorecard records no patch available.
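To turn the version ranges above into something you can run against your own instance, here is an added example (written for this page; it is not code from the scorecard site or from GitLab). It encodes the affected ranges as the rows state them and reports which of the listed CVEs apply to a given self-managed GitLab version. The `before`/`through` helpers mirror the page's "from X before Y" and "X through Y" wording; rows that give only "through X" plus a list of patched versions are encoded as "before <patched version>" per release branch, which is this example's reading rather than a statement from the page. The priority values are the page's; the sample version 18.10.0-ee is constructed. CVE-2026-1868 lives in the separately deployed AI Gateway and has no application version range on the page, so it is excluded. Confirm any hit against GitLab's own advisory before acting on it.

```python
"""Match a self-managed GitLab version against the affected ranges on this scorecard.

Added example; not code from the scorecard site or from GitLab.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Range:
    lo: str                   # first affected version (inclusive)
    hi: str                   # first fixed version, or last affected version if hi_inclusive
    hi_inclusive: bool = False


def parse_version(text: str) -> tuple[int, int, int]:
    """'18.10.3-ee' -> (18, 10, 3); '18.9' -> (18, 9, 0). Edition suffixes are ignored."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def in_range(version: str, r: Range) -> bool:
    v, lo, hi = parse_version(version), parse_version(r.lo), parse_version(r.hi)
    return lo <= v and (v <= hi if r.hi_inclusive else v < hi)


def before(lo: str, fixed: str) -> Range:     # page wording: "from lo before fixed"
    return Range(lo, fixed)


def through(lo: str, last: str) -> Range:     # page wording: "lo through last" (inclusive)
    return Range(lo, last, hi_inclusive=True)


# (priority, ranges) transcribed from the rows above. Rows that only say "through X"
# plus a list of patched versions are encoded as before(<branch>, <patched version>);
# that encoding is this example's choice, not a statement from the page.
SCORECARD: dict[str, tuple[int, list[Range]]] = {
    "CVE-2026-3857": (61, [before("17.10", "18.8.7"), before("18.9", "18.9.3"), before("18.10", "18.10.1")]),
    "CVE-2026-4922": (61, [before("17.0", "18.9.6"), before("18.10", "18.10.4"), before("18.11", "18.11.1")]),
    "CVE-2026-5262": (60, [through("16.1.0", "18.9.5"), through("18.10", "18.10.3"), through("18.11.0", "18.11.0")]),
    "CVE-2026-5816": (60, [through("18.10.0", "18.10.3"), through("18.11.0", "18.11.0")]),
    "CVE-2026-2995": (59, [through("15.4", "18.10.1")]),   # page reports no patch available
    "CVE-2026-3988": (58, [through("18.5", "18.8.6"), through("18.9", "18.9.2"), before("18.10", "18.10.1")]),
    "CVE-2026-2745": (54, [before("7.11", "18.8.7"), before("18.9", "18.9.3"), before("18.10", "18.10.1")]),
    "CVE-2026-1724": (54, [before("18.5", "18.8.7"), before("18.9", "18.9.3"), before("18.10", "18.10.1")]),
    "CVE-2026-1660": (53, [before("12.3", "18.9.6"), before("18.10", "18.10.4"), before("18.11", "18.11.1")]),
    "CVE-2025-13436": (53, [before("13.7", "18.8.7"), before("18.9", "18.9.3"), before("18.10", "18.10.1")]),
    "CVE-2025-0186": (53, [through("10.6", "18.11.0")]),   # no fixed versions stated on the page
    "CVE-2025-3922": (53, [through("12.4", "18.11.0")]),   # no fixed versions stated on the page
    "CVE-2025-6016": (53, [through("9.2", "18.9.5"), through("18.10.0", "18.10.3"), through("18.11.0", "18.11.0")]),
    "CVE-2025-13078": (53, [through("16.10", "18.10.0")]),
}
# CVE-2026-1868 (AI Gateway / Duo Workflow Service) is a separate component with no
# application version range on the page, so it cannot be matched by GitLab version.


def applicable(version: str) -> list[tuple[str, int]]:
    """CVEs from the scorecard whose affected ranges contain `version`, highest priority first."""
    hits = [(cve, prio) for cve, (prio, ranges) in SCORECARD.items()
            if any(in_range(version, r) for r in ranges)]
    return sorted(hits, key=lambda h: (-h[1], h[0]))


if __name__ == "__main__":
    import sys
    ver = sys.argv[1] if len(sys.argv) > 1 else "18.10.0-ee"   # constructed sample version
    for cve, prio in applicable(ver):
        print(f"{ver}: {cve} (priority {prio})")
```

Run it with your instance's version string (for example the value shown under Admin > Overview, or the `version` field of the `/api/v4/version` endpoint). A useful sanity check is that 18.11.1 matches nothing, since every row that states fixed versions is fixed by then, while 18.10.4 still matches the two rows whose summaries give no fixed versions at all.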
