NCSC-2026-0196

Vulnerability from csaf_ncscnl - Published: 2026-06-12 07:39 - Updated: 2026-06-12 07:39
Summary
Vulnerabilities fixed in GitLab Enterprise Edition
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability to use this security advisory. This includes damage resulting from the inaccuracy or incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of forum also applies to the court in summary proceedings.
Facts: GitLab has fixed multiple vulnerabilities in GitLab Community Edition and Enterprise Edition (EE) versions ranging from 12.0 to before 19.0.2, including major releases such as 17.x, 18.10.8, 18.11.5 and 19.0.2.
Interpretations: The vulnerabilities affect various components of GitLab CE & EE. Authenticated users with developer permissions can execute arbitrary client-side code via the Analytics Dashboard interface due to insufficient sanitisation of user input. On the CI/CD Catalog page, a denial of service (DoS) can be triggered by improper input sanitisation, making the page unavailable. A DoS can also occur through the upload of specially crafted files that lead to resource exhaustion, which can crash the GitLab service or make it unresponsive. Furthermore, authenticated users can gain unauthorised access to confidential issue data due to improper authorisation checks. Developer users can modify hidden merge requests due to flawed authorisation, and can also manipulate merge request diff views through improper handling of file names, which can hide changes during code reviews. Users with the Security Manager role can manage project security settings even though this feature is disabled, due to improper authorisation. Within Group SAML identity management, group Owners can take over control of other group members due to improper authorisation checks. Unauthorised email addresses can be added to accounts via insufficient input sanitisation in group settings. During repository import, insufficient validation of secondary URLs can lead to reading arbitrary files on the Gitaly server and to access to internal network resources. Finally, an unauthenticated user can impersonate the GitLab Support Bot by injecting arbitrary content into Service Desk email replies, caused by improper processing of email templates.
Solutions: GitLab has released updates to fix these vulnerabilities in GitLab Enterprise Edition. See the attached references for more information.
Likelihood: medium
Damage: high
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-153: Improper Neutralization of Substitution Characters
CWE-639: Authorization Bypass Through User-Controlled Key
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-863: Incorrect Authorization
CWE-918: Server-Side Request Forgery (SSRF)
CWE-1021: Improper Restriction of Rendered UI Layers or Frames

GitLab addressed a security flaw in multiple Enterprise Edition versions that allowed authenticated developers to execute arbitrary client-side code via the Analytics Dashboard due to improper input sanitization.

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Affected products
Product | Identifier | Version | Remediation
GitLab / Community Edition, Enterprise Edition | CSAFPID-1 | vers:unknown/* |
Open Source / GitLab | CSAFPID-2 | vers:unknown/* |

GitLab addressed a denial of service vulnerability caused by improper sanitization affecting authenticated users on the CI/CD Catalog page in versions 17.0 to before 18.10.8, 18.11 to before 18.11.5, and 19.0 to before 19.0.2.

CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
Affected products
Product | Identifier | Version | Remediation
GitLab / Community Edition, Enterprise Edition | CSAFPID-1 | vers:unknown/* |
Open Source / GitLab | CSAFPID-2 | vers:unknown/* |

GitLab addressed a denial of service vulnerability in versions 17.10 to before 18.10.8, 18.11 to before 18.11.5, and 19.0 to before 19.0.2, caused by uncontrolled resource consumption during a crafted file upload by an authenticated user.

CWE-770 - Allocation of Resources Without Limits or Throttling
Affected products
Product | Identifier | Version | Remediation
GitLab / Community Edition, Enterprise Edition | CSAFPID-1 | vers:unknown/* |
Open Source / GitLab | CSAFPID-2 | vers:unknown/* |

GitLab addressed a security vulnerability in versions 12.0 to before 18.10.8, 18.11 to before 18.11.5, and 19.0 to before 19.0.2 that allowed authenticated users to improperly access confidential issue details due to authorization flaws.

CWE-863 - Incorrect Authorization
Affected products
Product | Identifier | Version | Remediation
GitLab / Community Edition, Enterprise Edition | CSAFPID-1 | vers:unknown/* |
Open Source / GitLab | CSAFPID-2 | vers:unknown/* |

GitLab addressed a security flaw in versions 15.10 to before 18.10.8, 18.11 to before 18.11.5, and 19.0 to before 19.0.2 that allowed authenticated users with developer permissions to improperly modify hidden merge requests due to insufficient authorization controls.

CWE-863 - Incorrect Authorization
Affected products
Product | Identifier | Version | Remediation
GitLab / Community Edition, Enterprise Edition | CSAFPID-1 | vers:unknown/* |
Open Source / GitLab | CSAFPID-2 | vers:unknown/* |

GitLab addressed a security flaw in multiple GitLab EE versions where users with Security Manager-role permissions could improperly manage project security settings despite the feature being disabled, due to insufficient authorization checks.

CWE-863 - Incorrect Authorization
Affected products
Product | Identifier | Version | Remediation
GitLab / Community Edition, Enterprise Edition | CSAFPID-1 | vers:unknown/* |
Open Source / GitLab | CSAFPID-2 | vers:unknown/* |

GitLab addressed a security flaw in GitLab EE versions 15.5 to before 18.10.8, 18.11 to before 18.11.5, and 19.0 to before 19.0.2, where an authenticated group Owner could exploit improper authorization in Group SAML identity management to hijack another group member's account.

CWE-639 - Authorization Bypass Through User-Controlled Key
Affected products
Product | Identifier | Version | Remediation
GitLab / Community Edition, Enterprise Edition | CSAFPID-1 | vers:unknown/* |
Open Source / GitLab | CSAFPID-2 | vers:unknown/* |

GitLab addressed a vulnerability affecting versions 15.9 to before 18.10.8, 18.11 to before 18.11.5, and 19.0 to before 19.0.2, where authenticated users with developer permissions could conceal changes in merge request diff views due to improper file name input handling.

CWE-639 - Authorization Bypass Through User-Controlled Key
Affected products
Product | Identifier | Version | Remediation
GitLab / Community Edition, Enterprise Edition | CSAFPID-1 | vers:unknown/* |
Open Source / GitLab | CSAFPID-2 | vers:unknown/* |

GitLab addressed a denial of service vulnerability caused by improper input validation in API request parsing middleware affecting versions 12.10 to before 18.10.8, 18.11 to before 18.11.5, and 19.0 to before 19.0.2.

CWE-770 - Allocation of Resources Without Limits or Throttling
Affected products
Product | Identifier | Version | Remediation
GitLab / Community Edition, Enterprise Edition | CSAFPID-1 | vers:unknown/* |
Open Source / GitLab | CSAFPID-2 | vers:unknown/* |

GitLab addressed a security vulnerability in multiple GitLab EE versions that allowed authenticated users to add unauthorized email addresses to other users' accounts due to improper input sanitization in group settings.

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Affected products
Product | Identifier | Version | Remediation
GitLab / Community Edition, Enterprise Edition | CSAFPID-1 | vers:unknown/* |
Open Source / GitLab | CSAFPID-2 | vers:unknown/* |

GitLab addressed a vulnerability in versions prior to 18.10.8, 18.11.5, and 19.0.2 that allowed authenticated users to read arbitrary files from the Gitaly server and access internal network resources due to insufficient validation of secondary URLs during repository import.

CWE-918 - Server-Side Request Forgery (SSRF)
Affected products
Product | Identifier | Version | Remediation
GitLab / Community Edition, Enterprise Edition | CSAFPID-1 | vers:unknown/* |
Open Source / GitLab | CSAFPID-2 | vers:unknown/* |

GitLab versions 15.9 to before 18.10.8, 18.11 to before 18.11.5, and 19.0 to before 19.0.2 contain a vulnerability allowing unauthenticated users to impersonate the GitLab Support Bot and inject arbitrary content via crafted Service Desk email replies due to improper email template processing.

CWE-153 - Improper Neutralization of Substitution Characters
Affected products
Product | Identifier | Version | Remediation
GitLab / Community Edition, Enterprise Edition | CSAFPID-1 | vers:unknown/* |
Open Source / GitLab | CSAFPID-2 | vers:unknown/* |

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "GitLab heeft meerdere kwetsbaarheden verholpen in GitLab Community Edition en Enterprise Edition (EE) versies vari\u00ebrend van 12.0 tot voor 19.0.2, inclusief belangrijke releases zoals 17.x, 18.10.8, 18.11.5 en 19.0.2.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden betreffen verschillende onderdelen van GitLab CE \u0026 EE. Geauthenticeerde gebruikers met developer-permissies kunnen via de Analytics Dashboard interface willekeurige client-side code uitvoeren door onvoldoende sanitatie van gebruikersinput. Op de CI/CD Catalog pagina kan een denial of service (DoS) worden veroorzaakt door onjuiste inputsanitatie, waardoor de pagina onbeschikbaar raakt. Een DoS kan ook optreden door het uploaden van speciaal vervaardigde bestanden die leiden tot resource-uitputting, wat de GitLab service kan laten crashen of onresponsief maken. Verder kunnen geauthenticeerde gebruikers ongeautoriseerde toegang krijgen tot vertrouwelijke issuegegevens door onjuiste autorisatiecontroles. Developer-gebruikers kunnen verborgen merge requests wijzigen door gebrekkige autorisatie, en ook merge request diff views manipuleren door onjuiste verwerking van bestandsnamen, wat wijzigingen kan verbergen tijdens code reviews. Gebruikers met de Security Manager rol kunnen projectbeveiligingsinstellingen beheren ondanks dat deze functie uitgeschakeld is, door onjuiste autorisatie. Binnen Group SAML identity management kunnen group Owners de controle over andere groepsleden overnemen door onjuiste autorisatiecontroles. Ongeautoriseerde e-mailadressen kunnen aan accounts worden toegevoegd via onvoldoende inputsanitatie in groepsinstellingen. Tijdens repository-import kan onvoldoende validatie van secundaire URL\u0027s leiden tot het uitlezen van willekeurige bestanden op de Gitaly-server en toegang tot interne netwerkbronnen. Ten slotte kan een niet-geauthenticeerde gebruiker de GitLab Support Bot imiteren door het injecteren van arbitraire inhoud in Service Desk e-mailantwoorden, veroorzaakt door onjuiste verwerking van e-mailsjablonen.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "GitLab heeft updates uitgebracht om deze kwetsbaarheden in GitLab Enterprise Edition te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
        "title": "CWE-79"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Substitution Characters",
        "title": "CWE-153"
      },
      {
        "category": "general",
        "text": "Authorization Bypass Through User-Controlled Key",
        "title": "CWE-639"
      },
      {
        "category": "general",
        "text": "Allocation of Resources Without Limits or Throttling",
        "title": "CWE-770"
      },
      {
        "category": "general",
        "text": "Incorrect Authorization",
        "title": "CWE-863"
      },
      {
        "category": "general",
        "text": "Server-Side Request Forgery (SSRF)",
        "title": "CWE-918"
      },
      {
        "category": "general",
        "text": "Improper Restriction of Rendered UI Layers or Frames",
        "title": "CWE-1021"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://docs.gitlab.com/releases/patches/patch-release-gitlab-19-0-2-released/"
      }
    ],
    "title": "Kwetsbaarheden verholpen in GitLab Enterprise Edition",
    "tracking": {
      "current_release_date": "2026-06-12T07:39:37.406561Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2026-0196",
      "initial_release_date": "2026-06-12T07:39:37.406561Z",
      "revision_history": [
        {
          "date": "2026-06-12T07:39:37.406561Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "Community Edition, Enterprise Edition"
          }
        ],
        "category": "vendor",
        "name": "GitLab"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "GitLab"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-10087",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        },
        {
          "category": "description",
          "text": "GitLab addressed a security flaw in multiple Enterprise Edition versions that allowed authenticated developers to execute arbitrary client-side code via the Analytics Dashboard due to improper input sanitization.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-10087 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-10087.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-10087"
    },
    {
      "cve": "CVE-2026-10733",
      "cwe": {
        "id": "CWE-1021",
        "name": "Improper Restriction of Rendered UI Layers or Frames"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Rendered UI Layers or Frames",
          "title": "CWE-1021"
        },
        {
          "category": "description",
          "text": "GitLab addressed a denial of service vulnerability caused by improper sanitization affecting authenticated users on the CI/CD Catalog page in versions 17.0 to before 18.10.8, 18.11 to before 18.11.5, and 19.0 to before 19.0.2.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-10733 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-10733.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-10733"
    },
    {
      "cve": "CVE-2026-1500",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "description",
          "text": "GitLab addressed a denial of service vulnerability in versions 17.10 to before 18.10.8, 18.11 to before 18.11.5, and 19.0 to before 19.0.2, caused by uncontrolled resource consumption during a crafted file upload by an authenticated user.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-1500 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-1500.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-1500"
    },
    {
      "cve": "CVE-2026-3553",
      "cwe": {
        "id": "CWE-863",
        "name": "Incorrect Authorization"
      },
      "notes": [
        {
          "category": "other",
          "text": "Incorrect Authorization",
          "title": "CWE-863"
        },
        {
          "category": "description",
          "text": "GitLab addressed a security vulnerability in versions 12.0 to before 18.10.8, 18.11 to before 18.11.5, and 19.0 to before 19.0.2 that allowed authenticated users to improperly access confidential issue details due to authorization flaws.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-3553 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-3553.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-3553"
    },
    {
      "cve": "CVE-2026-6269",
      "cwe": {
        "id": "CWE-863",
        "name": "Incorrect Authorization"
      },
      "notes": [
        {
          "category": "other",
          "text": "Incorrect Authorization",
          "title": "CWE-863"
        },
        {
          "category": "description",
          "text": "GitLab addressed a security flaw in versions 15.10 to before 18.10.8, 18.11 to before 18.11.5, and 19.0 to before 19.0.2 that allowed authenticated users with developer permissions to improperly modify hidden merge requests due to insufficient authorization controls.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-6269 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-6269.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-6269"
    },
    {
      "cve": "CVE-2026-6277",
      "cwe": {
        "id": "CWE-863",
        "name": "Incorrect Authorization"
      },
      "notes": [
        {
          "category": "other",
          "text": "Incorrect Authorization",
          "title": "CWE-863"
        },
        {
          "category": "description",
          "text": "GitLab addressed a security flaw in multiple GitLab EE versions where users with Security Manager-role permissions could improperly manage project security settings despite the feature being disabled, due to insufficient authorization checks.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-6277 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-6277.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-6277"
    },
    {
      "cve": "CVE-2026-6552",
      "cwe": {
        "id": "CWE-639",
        "name": "Authorization Bypass Through User-Controlled Key"
      },
      "notes": [
        {
          "category": "other",
          "text": "Authorization Bypass Through User-Controlled Key",
          "title": "CWE-639"
        },
        {
          "category": "description",
          "text": "GitLab addressed a security flaw in GitLab EE versions 15.5 to before 18.10.8, 18.11 to before 18.11.5, and 19.0 to before 19.0.2, where an authenticated group Owner could exploit improper authorization in Group SAML identity management to hijack another group member\u0027s account.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-6552 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-6552.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-6552"
    },
    {
      "cve": "CVE-2026-6976",
      "cwe": {
        "id": "CWE-639",
        "name": "Authorization Bypass Through User-Controlled Key"
      },
      "notes": [
        {
          "category": "other",
          "text": "Authorization Bypass Through User-Controlled Key",
          "title": "CWE-639"
        },
        {
          "category": "description",
          "text": "GitLab addressed a vulnerability affecting versions 15.9 to before 18.10.8, 18.11 to before 18.11.5, and 19.0 to before 19.0.2, where authenticated users with developer permissions could conceal changes in merge request diff views due to improper file name input handling.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-6976 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-6976.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-6976"
    },
    {
      "cve": "CVE-2026-7250",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "description",
          "text": "GitLab addressed a denial of service vulnerability caused by improper input validation in API request parsing middleware affecting versions 12.10 to before 18.10.8, 18.11 to before 18.11.5, and 19.0 to before 19.0.2.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-7250 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-7250.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-7250"
    },
    {
      "cve": "CVE-2026-8589",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        },
        {
          "category": "description",
          "text": "GitLab addressed a security vulnerability in multiple GitLab EE versions that allowed authenticated users to add unauthorized email addresses to other users\u0027 accounts due to improper input sanitization in group settings.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-8589 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-8589.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-8589"
    },
    {
      "cve": "CVE-2026-9204",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Server-Side Request Forgery (SSRF)",
          "title": "CWE-918"
        },
        {
          "category": "description",
          "text": "GitLab addressed a vulnerability in versions prior to 18.10.8, 18.11.5, and 19.0.2 that allowed authenticated users to read arbitrary files from the Gitaly server and access internal network resources due to insufficient validation of secondary URLs during repository import.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-9204 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-9204.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-9204"
    },
    {
      "cve": "CVE-2026-9694",
      "cwe": {
        "id": "CWE-153",
        "name": "Improper Neutralization of Substitution Characters"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Substitution Characters",
          "title": "CWE-153"
        },
        {
          "category": "description",
          "text": "GitLab versions 15.9 to before 18.10.8, 18.11 to before 18.11.5, and 19.0 to before 19.0.2 contain a vulnerability allowing unauthenticated users to impersonate the GitLab Support Bot and inject arbitrary content via crafted Service Desk email replies due to improper email template processing.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-9694 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-9694.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.6,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-9694"
    }
  ]
}

