CVE-2026-1747 — Authentication Bypass Using an Alternate Path or Channel in Gitlab

CWE-288 — Authentication Bypass Using an Alternate Path or Channel6 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

0.0%

top 98.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab EE

Timeline

PublishedFeb 25

Description

GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain conditions, could have allowed Developer-role users with insufficient privileges to make unauthorized modifications to protected Conan packages.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages5 packages

▶CVEListV5gitlab/gitlab17.11 — 18.7.5+2

▶NVDgitlab/gitlab17.11.0 — 18.7.5+2

▶debiandebian/gitlab

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ee

🔴Vulnerability Details

OSV

CVE-2026-1747: GitLab has remediated an issue in GitLab EE affecting all versions from 17↗2026-02-25

▶

GHSA

GHSA-289q-cmj5-r43x: GitLab has remediated an issue in GitLab EE affecting all versions from 17↗2026-02-25

▶

📋Vendor Advisories

GitLab

CVE-2026-1747: GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under ce↗2026-02-25

▶

Debian

CVE-2026-1747: gitlab - GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 be...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-1747 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶