Vulnerability-Lookup

CVE-2026-6552 (GCVE-0-2026-6552)

Vulnerability from cvelistv5 – Published: 2026-06-11 10:20 – Updated: 2026-06-12 03:55

Title

Authorization Bypass Through User-Controlled Key in GitLab

Summary

GitLab has remediated an issue in GitLab EE affecting all versions from 15.5 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with group Owner role to take over another group member's GitLab account due to improper authorization in the Group SAML identity management functionality.

Severity

8.7 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-639 - Authorization Bypass Through User-Controlled Key

Assigner

GitLab

References

3 references

URL	Tags
https://gitlab.com/gitlab-org/gitlab/-/work_items…
https://hackerone.com/reports/3655189	technical-descriptionexploitpermissions-required
https://about.gitlab.com/releases/2026/06/10/patc…

Impacted products

1 product

Vendor	Product	Version
GitLab	GitLab	Affected: 15.5 , < 18.10.8 (semver) Affected: 18.11 , < 18.11.5 (semver) Affected: 19.0 , < 19.0.2 (semver) cpe:2.3:a:gitlab:gitlab::::::::

Credits

Thanks [cyberjoker](https://hackerone.com/cyberjoker) for reporting this vulnerability through our HackerOne bug bounty program

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-6552",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-11T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-12T03:55:25.275Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "GitLab",
          "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
          "vendor": "GitLab",
          "versions": [
            {
              "lessThan": "18.10.8",
              "status": "affected",
              "version": "15.5",
              "versionType": "semver"
            },
            {
              "lessThan": "18.11.5",
              "status": "affected",
              "version": "18.11",
              "versionType": "semver"
            },
            {
              "lessThan": "19.0.2",
              "status": "affected",
              "version": "19.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Thanks [cyberjoker](https://hackerone.com/cyberjoker) for reporting this vulnerability through our HackerOne bug bounty program"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "GitLab has remediated an issue in GitLab EE affecting all versions from 15.5 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with group Owner role to take over another group member\u0027s GitLab account due to improper authorization in the Group SAML identity management functionality."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-11T10:20:21.427Z",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/597295"
        },
        {
          "name": "HackerOne Bug Bounty Report #3655189",
          "tags": [
            "technical-description",
            "exploit",
            "permissions-required"
          ],
          "url": "https://hackerone.com/reports/3655189"
        },
        {
          "url": "https://about.gitlab.com/releases/2026/06/10/patch-release-gitlab-19-0-2-released/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to versions 18.10.8, 18.11.5, 19.0.2 or above."
        }
      ],
      "title": "Authorization Bypass Through User-Controlled Key in GitLab"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2026-6552",
    "datePublished": "2026-06-11T10:20:21.427Z",
    "dateReserved": "2026-04-17T21:34:28.848Z",
    "dateUpdated": "2026-06-12T03:55:25.275Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-6552",
      "date": "2026-06-12",
      "epss": "0.00011",
      "percentile": "0.01512"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-6552\",\"sourceIdentifier\":\"cve@gitlab.com\",\"published\":\"2026-06-11T12:16:32.347\",\"lastModified\":\"2026-06-11T17:36:24.853\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"GitLab has remediated an issue in GitLab EE affecting all versions from 15.5 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with group Owner role to take over another group member\u0027s GitLab account due to improper authorization in the Group SAML identity management functionality.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@gitlab.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":5.8}]},\"weaknesses\":[{\"source\":\"cve@gitlab.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-639\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\",\"versionStartIncluding\":\"15.5.0\",\"versionEndExcluding\":\"18.10.8\",\"matchCriteriaId\":\"8C741BDC-5238-4B16-825F-C9C0F207F8E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"15.5.0\",\"versionEndExcluding\":\"18.10.8\",\"matchCriteriaId\":\"BD1F3756-DCA7-46B2-BCBF-122434C72BD3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\",\"versionStartIncluding\":\"18.11.0\",\"versionEndExcluding\":\"18.11.5\",\"matchCriteriaId\":\"D3442E29-F164-40E0-B972-F0EEE8ED4FD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"18.11.0\",\"versionEndExcluding\":\"18.11.5\",\"matchCriteriaId\":\"7FB0D7FE-9A4F-45D8-B564-31DF9F2F4066\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\",\"versionStartIncluding\":\"19.0.0\",\"versionEndExcluding\":\"19.0.2\",\"matchCriteriaId\":\"A6FAB200-DFB3-42FC-A901-8E5C0A3CA706\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"19.0.0\",\"versionEndExcluding\":\"19.0.2\",\"matchCriteriaId\":\"1A666CA8-8D31-4765-87ED-D0F56E9DAFF0\"}]}]}],\"references\":[{\"url\":\"https://about.gitlab.com/releases/2026/06/10/patch-release-gitlab-19-0-2-released/\",\"source\":\"cve@gitlab.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://gitlab.com/gitlab-org/gitlab/-/work_items/597295\",\"source\":\"cve@gitlab.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://hackerone.com/reports/3655189\",\"source\":\"cve@gitlab.com\",\"tags\":[\"Permissions Required\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-6552\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-11T12:32:08.786234Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-11T12:32:32.497Z\"}}], \"cna\": {\"title\": \"Authorization Bypass Through User-Controlled Key in GitLab\", \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Thanks [cyberjoker](https://hackerone.com/cyberjoker) for reporting this vulnerability through our HackerOne bug bounty program\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*\"], \"repo\": \"git://git@gitlab.com:gitlab-org/gitlab.git\", \"vendor\": \"GitLab\", \"product\": \"GitLab\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.5\", \"lessThan\": \"18.10.8\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"18.11\", \"lessThan\": \"18.11.5\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"19.0\", \"lessThan\": \"19.0.2\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Upgrade to versions 18.10.8, 18.11.5, 19.0.2 or above.\"}], \"references\": [{\"url\": \"https://gitlab.com/gitlab-org/gitlab/-/work_items/597295\"}, {\"url\": \"https://hackerone.com/reports/3655189\", \"name\": \"HackerOne Bug Bounty Report #3655189\", \"tags\": [\"technical-description\", \"exploit\", \"permissions-required\"]}, {\"url\": \"https://about.gitlab.com/releases/2026/06/10/patch-release-gitlab-19-0-2-released/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"GitLab has remediated an issue in GitLab EE affecting all versions from 15.5 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with group Owner role to take over another group member\u0027s GitLab account due to improper authorization in the Group SAML identity management functionality.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-639\", \"description\": \"CWE-639: Authorization Bypass Through User-Controlled Key\"}]}], \"providerMetadata\": {\"orgId\": \"ceab7361-8a18-47b1-92ba-4d7d25f6715a\", \"shortName\": \"GitLab\", \"dateUpdated\": \"2026-06-11T10:20:21.427Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-6552\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-12T03:55:25.275Z\", \"dateReserved\": \"2026-04-17T21:34:28.848Z\", \"assignerOrgId\": \"ceab7361-8a18-47b1-92ba-4d7d25f6715a\", \"datePublished\": \"2026-06-11T10:20:21.427Z\", \"assignerShortName\": \"GitLab\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

bit-gitlab-2026-6552

Vulnerability from bitnami_vulndb

Published

2026-06-12 09:05

Modified

2026-06-12 09:06

Summary

Authorization Bypass Through User-Controlled Key in GitLab

Details

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "gitlab",
        "purl": "pkg:bitnami/gitlab"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "15.5.0"
            },
            {
              "fixed": "18.10.8"
            },
            {
              "introduced": "18.11.0"
            },
            {
              "fixed": "18.11.5"
            },
            {
              "introduced": "19.0.0"
            },
            {
              "fixed": "19.0.2"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
          "type": "CVSS_V3"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-6552"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*"
    ],
    "severity": "High"
  },
  "details": "GitLab has remediated an issue in GitLab EE affecting all versions from 15.5 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with group Owner role to take over another group member\u0027s GitLab account due to improper authorization in the Group SAML identity management functionality.",
  "id": "BIT-gitlab-2026-6552",
  "modified": "2026-06-12T09:06:56.549Z",
  "published": "2026-06-12T09:05:00.144Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://about.gitlab.com/releases/2026/06/10/patch-release-gitlab-19-0-2-released/"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/597295"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/3655189"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6552"
    }
  ],
  "schema_version": "1.6.2",
  "summary": "Authorization Bypass Through User-Controlled Key in GitLab"
}

CERTFR-2026-AVI-0733

Vulnerability from certfr_avis - Published: 2026-06-11 - Updated: 2026-06-11

De multiples vulnérabilités ont été découvertes dans GitLab. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une falsification de requêtes côté serveur (SSRF).

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
GitLab	GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE)	GitLab Community Edition (CE) et Enterprise Edition (EE) versions antérieures à 18.10.8
GitLab	GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE)	GitLab Community Edition (CE) et Enterprise Edition (EE) versions 19.0.x antérieures à 19.0.2
GitLab	GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE)	GitLab Community Edition (CE) et Enterprise Edition (EE) versions 18.11.x antérieures à 18.11.5

References

Title

Publication Time

FKIE_CVE-2026-6552

Vulnerability from fkie_nvd - Published: 2026-06-11 12:16 - Updated: 2026-06-11 17:36

Severity

8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Summary

References

URL	Tags
cve@gitlab.com	https://about.gitlab.com/releases/2026/06/10/patch-release-gitlab-19-0-2-released/	Release Notes
cve@gitlab.com	https://gitlab.com/gitlab-org/gitlab/-/work_items/597295	Issue Tracking
cve@gitlab.com	https://hackerone.com/reports/3655189	Permissions Required

Impacted products

Vendor	Product	Version
gitlab	gitlab	*
gitlab	gitlab	*
gitlab	gitlab	*
gitlab	gitlab	*
gitlab	gitlab	*
gitlab	gitlab	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
              "matchCriteriaId": "8C741BDC-5238-4B16-825F-C9C0F207F8E7",
              "versionEndExcluding": "18.10.8",
              "versionStartIncluding": "15.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "BD1F3756-DCA7-46B2-BCBF-122434C72BD3",
              "versionEndExcluding": "18.10.8",
              "versionStartIncluding": "15.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
              "matchCriteriaId": "D3442E29-F164-40E0-B972-F0EEE8ED4FD1",
              "versionEndExcluding": "18.11.5",
              "versionStartIncluding": "18.11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "7FB0D7FE-9A4F-45D8-B564-31DF9F2F4066",
              "versionEndExcluding": "18.11.5",
              "versionStartIncluding": "18.11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
              "matchCriteriaId": "A6FAB200-DFB3-42FC-A901-8E5C0A3CA706",
              "versionEndExcluding": "19.0.2",
              "versionStartIncluding": "19.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "1A666CA8-8D31-4765-87ED-D0F56E9DAFF0",
              "versionEndExcluding": "19.0.2",
              "versionStartIncluding": "19.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "GitLab has remediated an issue in GitLab EE affecting all versions from 15.5 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with group Owner role to take over another group member\u0027s GitLab account due to improper authorization in the Group SAML identity management functionality."
    }
  ],
  "id": "CVE-2026-6552",
  "lastModified": "2026-06-11T17:36:24.853",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 5.8,
        "source": "cve@gitlab.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-06-11T12:16:32.347",
  "references": [
    {
      "source": "cve@gitlab.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://about.gitlab.com/releases/2026/06/10/patch-release-gitlab-19-0-2-released/"
    },
    {
      "source": "cve@gitlab.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/597295"
    },
    {
      "source": "cve@gitlab.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://hackerone.com/reports/3655189"
    }
  ],
  "sourceIdentifier": "cve@gitlab.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-639"
        }
      ],
      "source": "cve@gitlab.com",
      "type": "Primary"
    }
  ]
}

GHSA-R82J-G6Q9-MVX8

Vulnerability from github – Published: 2026-06-11 12:32 – Updated: 2026-06-11 12:32

Details

Severity

8.7 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-6552"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-639"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-11T12:16:32Z",
    "severity": "HIGH"
  },
  "details": "GitLab has remediated an issue in GitLab EE affecting all versions from 15.5 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with group Owner role to take over another group member\u0027s GitLab account due to improper authorization in the Group SAML identity management functionality.",
  "id": "GHSA-r82j-g6q9-mvx8",
  "modified": "2026-06-11T12:32:45Z",
  "published": "2026-06-11T12:32:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6552"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/3655189"
    },
    {
      "type": "WEB",
      "url": "https://about.gitlab.com/releases/2026/06/10/patch-release-gitlab-19-0-2-released"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/597295"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

NCSC-2026-0196

Vulnerability from csaf_ncscnl - Published: 2026-06-12 07:39 - Updated: 2026-06-12 07:39

Summary

Kwetsbaarheden verholpen in GitLab Enterprise Edition

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten: GitLab heeft meerdere kwetsbaarheden verholpen in GitLab Community Edition en Enterprise Edition (EE) versies variërend van 12.0 tot voor 19.0.2, inclusief belangrijke releases zoals 17.x, 18.10.8, 18.11.5 en 19.0.2.

Interpretaties: De kwetsbaarheden betreffen verschillende onderdelen van GitLab CE & EE. Geauthenticeerde gebruikers met developer-permissies kunnen via de Analytics Dashboard interface willekeurige client-side code uitvoeren door onvoldoende sanitatie van gebruikersinput. Op de CI/CD Catalog pagina kan een denial of service (DoS) worden veroorzaakt door onjuiste inputsanitatie, waardoor de pagina onbeschikbaar raakt. Een DoS kan ook optreden door het uploaden van speciaal vervaardigde bestanden die leiden tot resource-uitputting, wat de GitLab service kan laten crashen of onresponsief maken. Verder kunnen geauthenticeerde gebruikers ongeautoriseerde toegang krijgen tot vertrouwelijke issuegegevens door onjuiste autorisatiecontroles. Developer-gebruikers kunnen verborgen merge requests wijzigen door gebrekkige autorisatie, en ook merge request diff views manipuleren door onjuiste verwerking van bestandsnamen, wat wijzigingen kan verbergen tijdens code reviews. Gebruikers met de Security Manager rol kunnen projectbeveiligingsinstellingen beheren ondanks dat deze functie uitgeschakeld is, door onjuiste autorisatie. Binnen Group SAML identity management kunnen group Owners de controle over andere groepsleden overnemen door onjuiste autorisatiecontroles. Ongeautoriseerde e-mailadressen kunnen aan accounts worden toegevoegd via onvoldoende inputsanitatie in groepsinstellingen. Tijdens repository-import kan onvoldoende validatie van secundaire URL's leiden tot het uitlezen van willekeurige bestanden op de Gitaly-server en toegang tot interne netwerkbronnen. Ten slotte kan een niet-geauthenticeerde gebruiker de GitLab Support Bot imiteren door het injecteren van arbitraire inhoud in Service Desk e-mailantwoorden, veroorzaakt door onjuiste verwerking van e-mailsjablonen.

Oplossingen: GitLab heeft updates uitgebracht om deze kwetsbaarheden in GitLab Enterprise Edition te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans: medium

Schade: high

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-153: Improper Neutralization of Substitution Characters

CWE-639: Authorization Bypass Through User-Controlled Key

CWE-770: Allocation of Resources Without Limits or Throttling

CWE-863: Incorrect Authorization

CWE-918: Server-Side Request Forgery (SSRF)

CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVE-2026-10087

GitLab addressed a security flaw in multiple Enterprise Edition versions that allowed authenticated developers to execute arbitrary client-side code via the Analytics Dashboard due to improper input sanitization.

8.7 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* GitLab / Community Edition, Enterprise Edition		vers:unknown/*
vers:unknown/* Open Source / GitLab		vers:unknown/*

CVE-2026-10733

GitLab addressed a denial of service vulnerability caused by improper sanitization affecting authenticated users on the CI/CD Catalog page in versions 17.0 to before 18.10.8, 18.11 to before 18.11.5, and 19.0 to before 19.0.2.

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CWE-1021 - Improper Restriction of Rendered UI Layers or Frames

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* GitLab / Community Edition, Enterprise Edition		vers:unknown/*
vers:unknown/* Open Source / GitLab		vers:unknown/*

CVE-2026-1500

GitLab addressed a denial of service vulnerability in versions 17.10 to before 18.10.8, 18.11 to before 18.11.5, and 19.0 to before 19.0.2, caused by uncontrolled resource consumption during a crafted file upload by an authenticated user.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* GitLab / Community Edition, Enterprise Edition		vers:unknown/*
vers:unknown/* Open Source / GitLab		vers:unknown/*

CVE-2026-3553

GitLab addressed a security vulnerability in versions 12.0 to before 18.10.8, 18.11 to before 18.11.5, and 19.0 to before 19.0.2 that allowed authenticated users to improperly access confidential issue details due to authorization flaws.

3.1 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-863 - Incorrect Authorization

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* GitLab / Community Edition, Enterprise Edition		vers:unknown/*
vers:unknown/* Open Source / GitLab		vers:unknown/*

CVE-2026-6269

GitLab addressed a security flaw in versions 15.10 to before 18.10.8, 18.11 to before 18.11.5, and 19.0 to before 19.0.2 that allowed authenticated users with developer permissions to improperly modify hidden merge requests due to insufficient authorization controls.

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-863 - Incorrect Authorization

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* GitLab / Community Edition, Enterprise Edition		vers:unknown/*
vers:unknown/* Open Source / GitLab		vers:unknown/*

CVE-2026-6277

GitLab addressed a security flaw in multiple GitLab EE versions where users with Security Manager-role permissions could improperly manage project security settings despite the feature being disabled, due to insufficient authorization checks.

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE-863 - Incorrect Authorization

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* GitLab / Community Edition, Enterprise Edition		vers:unknown/*
vers:unknown/* Open Source / GitLab		vers:unknown/*

CVE-2026-6552

GitLab addressed a security flaw in GitLab EE versions 15.5 to before 18.10.8, 18.11 to before 18.11.5, and 19.0 to before 19.0.2, where an authenticated group Owner could exploit improper authorization in Group SAML identity management to hijack another group member's account.

8.7 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

CWE-639 - Authorization Bypass Through User-Controlled Key

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* GitLab / Community Edition, Enterprise Edition		vers:unknown/*
vers:unknown/* Open Source / GitLab		vers:unknown/*

CVE-2026-6976

GitLab addressed a vulnerability affecting versions 15.9 to before 18.10.8, 18.11 to before 18.11.5, and 19.0 to before 19.0.2, where authenticated users with developer permissions could conceal changes in merge request diff views due to improper file name input handling.

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

CWE-639 - Authorization Bypass Through User-Controlled Key

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* GitLab / Community Edition, Enterprise Edition		vers:unknown/*
vers:unknown/* Open Source / GitLab		vers:unknown/*

CVE-2026-7250

GitLab addressed a denial of service vulnerability caused by improper input validation in API request parsing middleware affecting versions 12.10 to before 18.10.8, 18.11 to before 18.11.5, and 19.0 to before 19.0.2.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* GitLab / Community Edition, Enterprise Edition		vers:unknown/*
vers:unknown/* Open Source / GitLab		vers:unknown/*

CVE-2026-8589

GitLab addressed a security vulnerability in multiple GitLab EE versions that allowed authenticated users to add unauthorized email addresses to other users' accounts due to improper input sanitization in group settings.

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* GitLab / Community Edition, Enterprise Edition		vers:unknown/*
vers:unknown/* Open Source / GitLab		vers:unknown/*

CVE-2026-9204

GitLab addressed a vulnerability in versions prior to 18.10.8, 18.11.5, and 19.0.2 that allowed authenticated users to read arbitrary files from the Gitaly server and access internal network resources due to insufficient validation of secondary URLs during repository import.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-918 - Server-Side Request Forgery (SSRF)

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* GitLab / Community Edition, Enterprise Edition		vers:unknown/*
vers:unknown/* Open Source / GitLab		vers:unknown/*

CVE-2026-9694

GitLab versions 15.9 to before 18.10.8, 18.11 to before 18.11.5, and 19.0 to before 19.0.2 contain a vulnerability allowing unauthenticated users to impersonate the GitLab Support Bot and inject arbitrary content via crafted Service Desk email replies due to improper email template processing.

2.6 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N

CWE-153 - Improper Neutralization of Substitution Characters

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* GitLab / Community Edition, Enterprise Edition		vers:unknown/*
vers:unknown/* Open Source / GitLab		vers:unknown/*

References

13 references

URL	Category
https://docs.gitlab.com/releases/patches/patch-re…	external
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "GitLab heeft meerdere kwetsbaarheden verholpen in GitLab Community Edition en Enterprise Edition (EE) versies vari\u00ebrend van 12.0 tot voor 19.0.2, inclusief belangrijke releases zoals 17.x, 18.10.8, 18.11.5 en 19.0.2.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden betreffen verschillende onderdelen van GitLab CE \u0026 EE. Geauthenticeerde gebruikers met developer-permissies kunnen via de Analytics Dashboard interface willekeurige client-side code uitvoeren door onvoldoende sanitatie van gebruikersinput. Op de CI/CD Catalog pagina kan een denial of service (DoS) worden veroorzaakt door onjuiste inputsanitatie, waardoor de pagina onbeschikbaar raakt. Een DoS kan ook optreden door het uploaden van speciaal vervaardigde bestanden die leiden tot resource-uitputting, wat de GitLab service kan laten crashen of onresponsief maken. Verder kunnen geauthenticeerde gebruikers ongeautoriseerde toegang krijgen tot vertrouwelijke issuegegevens door onjuiste autorisatiecontroles. Developer-gebruikers kunnen verborgen merge requests wijzigen door gebrekkige autorisatie, en ook merge request diff views manipuleren door onjuiste verwerking van bestandsnamen, wat wijzigingen kan verbergen tijdens code reviews. Gebruikers met de Security Manager rol kunnen projectbeveiligingsinstellingen beheren ondanks dat deze functie uitgeschakeld is, door onjuiste autorisatie. Binnen Group SAML identity management kunnen group Owners de controle over andere groepsleden overnemen door onjuiste autorisatiecontroles. Ongeautoriseerde e-mailadressen kunnen aan accounts worden toegevoegd via onvoldoende inputsanitatie in groepsinstellingen. Tijdens repository-import kan onvoldoende validatie van secundaire URL\u0027s leiden tot het uitlezen van willekeurige bestanden op de Gitaly-server en toegang tot interne netwerkbronnen. Ten slotte kan een niet-geauthenticeerde gebruiker de GitLab Support Bot imiteren door het injecteren van arbitraire inhoud in Service Desk e-mailantwoorden, veroorzaakt door onjuiste verwerking van e-mailsjablonen.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "GitLab heeft updates uitgebracht om deze kwetsbaarheden in GitLab Enterprise Edition te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
        "title": "CWE-79"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Substitution Characters",
        "title": "CWE-153"
      },
      {
        "category": "general",
        "text": "Authorization Bypass Through User-Controlled Key",
        "title": "CWE-639"
      },
      {
        "category": "general",
        "text": "Allocation of Resources Without Limits or Throttling",
        "title": "CWE-770"
      },
      {
        "category": "general",
        "text": "Incorrect Authorization",
        "title": "CWE-863"
      },
      {
        "category": "general",
        "text": "Server-Side Request Forgery (SSRF)",
        "title": "CWE-918"
      },
      {
        "category": "general",
        "text": "Improper Restriction of Rendered UI Layers or Frames",
        "title": "CWE-1021"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://docs.gitlab.com/releases/patches/patch-release-gitlab-19-0-2-released/"
      }
    ],
    "title": "Kwetsbaarheden verholpen in GitLab Enterprise Edition",
    "tracking": {
      "current_release_date": "2026-06-12T07:39:37.406561Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2026-0196",
      "initial_release_date": "2026-06-12T07:39:37.406561Z",
      "revision_history": [
        {
          "date": "2026-06-12T07:39:37.406561Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "Community Edition, Enterprise Edition"
          }
        ],
        "category": "vendor",
        "name": "GitLab"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "GitLab"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-10087",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        },
        {
          "category": "description",
          "text": "GitLab addressed a security flaw in multiple Enterprise Edition versions that allowed authenticated developers to execute arbitrary client-side code via the Analytics Dashboard due to improper input sanitization.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-10087 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-10087.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-10087"
    },
    {
      "cve": "CVE-2026-10733",
      "cwe": {
        "id": "CWE-1021",
        "name": "Improper Restriction of Rendered UI Layers or Frames"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Rendered UI Layers or Frames",
          "title": "CWE-1021"
        },
        {
          "category": "description",
          "text": "GitLab addressed a denial of service vulnerability caused by improper sanitization affecting authenticated users on the CI/CD Catalog page in versions 17.0 to before 18.10.8, 18.11 to before 18.11.5, and 19.0 to before 19.0.2.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-10733 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-10733.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-10733"
    },
    {
      "cve": "CVE-2026-1500",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "description",
          "text": "GitLab addressed a denial of service vulnerability in versions 17.10 to before 18.10.8, 18.11 to before 18.11.5, and 19.0 to before 19.0.2, caused by uncontrolled resource consumption during a crafted file upload by an authenticated user.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-1500 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-1500.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-1500"
    },
    {
      "cve": "CVE-2026-3553",
      "cwe": {
        "id": "CWE-863",
        "name": "Incorrect Authorization"
      },
      "notes": [
        {
          "category": "other",
          "text": "Incorrect Authorization",
          "title": "CWE-863"
        },
        {
          "category": "description",
          "text": "GitLab addressed a security vulnerability in versions 12.0 to before 18.10.8, 18.11 to before 18.11.5, and 19.0 to before 19.0.2 that allowed authenticated users to improperly access confidential issue details due to authorization flaws.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-3553 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-3553.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-3553"
    },
    {
      "cve": "CVE-2026-6269",
      "cwe": {
        "id": "CWE-863",
        "name": "Incorrect Authorization"
      },
      "notes": [
        {
          "category": "other",
          "text": "Incorrect Authorization",
          "title": "CWE-863"
        },
        {
          "category": "description",
          "text": "GitLab addressed a security flaw in versions 15.10 to before 18.10.8, 18.11 to before 18.11.5, and 19.0 to before 19.0.2 that allowed authenticated users with developer permissions to improperly modify hidden merge requests due to insufficient authorization controls.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-6269 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-6269.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-6269"
    },
    {
      "cve": "CVE-2026-6277",
      "cwe": {
        "id": "CWE-863",
        "name": "Incorrect Authorization"
      },
      "notes": [
        {
          "category": "other",
          "text": "Incorrect Authorization",
          "title": "CWE-863"
        },
        {
          "category": "description",
          "text": "GitLab addressed a security flaw in multiple GitLab EE versions where users with Security Manager-role permissions could improperly manage project security settings despite the feature being disabled, due to insufficient authorization checks.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-6277 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-6277.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-6277"
    },
    {
      "cve": "CVE-2026-6552",
      "cwe": {
        "id": "CWE-639",
        "name": "Authorization Bypass Through User-Controlled Key"
      },
      "notes": [
        {
          "category": "other",
          "text": "Authorization Bypass Through User-Controlled Key",
          "title": "CWE-639"
        },
        {
          "category": "description",
          "text": "GitLab addressed a security flaw in GitLab EE versions 15.5 to before 18.10.8, 18.11 to before 18.11.5, and 19.0 to before 19.0.2, where an authenticated group Owner could exploit improper authorization in Group SAML identity management to hijack another group member\u0027s account.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-6552 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-6552.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-6552"
    },
    {
      "cve": "CVE-2026-6976",
      "cwe": {
        "id": "CWE-639",
        "name": "Authorization Bypass Through User-Controlled Key"
      },
      "notes": [
        {
          "category": "other",
          "text": "Authorization Bypass Through User-Controlled Key",
          "title": "CWE-639"
        },
        {
          "category": "description",
          "text": "GitLab addressed a vulnerability affecting versions 15.9 to before 18.10.8, 18.11 to before 18.11.5, and 19.0 to before 19.0.2, where authenticated users with developer permissions could conceal changes in merge request diff views due to improper file name input handling.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-6976 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-6976.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-6976"
    },
    {
      "cve": "CVE-2026-7250",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "description",
          "text": "GitLab addressed a denial of service vulnerability caused by improper input validation in API request parsing middleware affecting versions 12.10 to before 18.10.8, 18.11 to before 18.11.5, and 19.0 to before 19.0.2.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-7250 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7250.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-7250"
    },
    {
      "cve": "CVE-2026-8589",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        },
        {
          "category": "description",
          "text": "GitLab addressed a security vulnerability in multiple GitLab EE versions that allowed authenticated users to add unauthorized email addresses to other users\u0027 accounts due to improper input sanitization in group settings.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-8589 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-8589.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-8589"
    },
    {
      "cve": "CVE-2026-9204",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Server-Side Request Forgery (SSRF)",
          "title": "CWE-918"
        },
        {
          "category": "description",
          "text": "GitLab addressed a vulnerability in versions prior to 18.10.8, 18.11.5, and 19.0.2 that allowed authenticated users to read arbitrary files from the Gitaly server and access internal network resources due to insufficient validation of secondary URLs during repository import.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-9204 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-9204.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-9204"
    },
    {
      "cve": "CVE-2026-9694",
      "cwe": {
        "id": "CWE-153",
        "name": "Improper Neutralization of Substitution Characters"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Substitution Characters",
          "title": "CWE-153"
        },
        {
          "category": "description",
          "text": "GitLab versions 15.9 to before 18.10.8, 18.11 to before 18.11.5, and 19.0 to before 19.0.2 contain a vulnerability allowing unauthenticated users to impersonate the GitLab Support Bot and inject arbitrary content via crafted Service Desk email replies due to improper email template processing.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-9694 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-9694.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.6,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-9694"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-6552 (GCVE-0-2026-6552)

bit-gitlab-2026-6552

Vulnerability from bitnami_vulndb

CERTFR-2026-AVI-0733

Solutions

FKIE_CVE-2026-6552

GHSA-R82J-G6Q9-MVX8

NCSC-2026-0196

Tags

Sightings

Nomenclature