CVE-2026-5173 — Exposed Dangerous Method or Function in Gitlab

CWE-749 — Exposed Dangerous Method or Function17 documents6 sources

Severity

8.5HIGHNVD

EPSS

0.0%

top 93.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab CE

Timeline

PublishedApr 8

Latest updateApr 13

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to invoke unintended server-side methods through websocket connections due to improper access control.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:NExploitability: 3.1 | Impact: 4.7

Affected Packages4 packages

▶CVEListV5gitlab/gitlab16.9.6 — 18.8.9+2

▶debiandebian/gitlab

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ce

🔴Vulnerability Details

GHSA

GHSA-5gj7-3j23-w2h2: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16↗2026-04-09

▶

📋Vendor Advisories

GitLab

CVE-2026-5173: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that cou↗2026-04-08

▶

Debian

CVE-2026-5173: gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9....↗2026

▶

🕵️Threat Intelligence

Hackernews

⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More↗2026-04-13

▶

Wiz

CVE-2025-12664 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-1516 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-2619 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2025-9484 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶