Debian Gitlab vulnerabilities

1,325 known vulnerabilities affecting debian/gitlab.

Total CVEs: 1,325
CISA KEV: 4 (actively exploited)
Public exploits: 22
Exploited in wild: 2
Severity breakdown: CRITICAL 43, HIGH 196, MEDIUM 630, LOW 456

Vulnerabilities

Page 1 of 67
CVE-2026-1388 | HIGH | CVSS 7.5 | 2026
gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause regular expression denial of service by sending specially crafted input to a merge request endpoint under certain conditions. Scope: local sid: open
debian
CVE-2026-5173 | HIGH | CVSS 8.5 | 2026
gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to invoke unintended server-side methods through websocket connections due to improper access control. Scope: local sid: open
debian
CVE-2026-1090 | HIGH | CVSS 8.7 | 2026
gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user, when the `markdown_placeholders` feature flag was enabled, to inject JavaScript in a browser due to improper sanitization of placeholder content in markdown processing. Scope: local sid:
debian
CVE-2026-0752 | HIGH | CVSS 8.0 | 2026
gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain circumstances, could have allowed an unauthenticated user to inject arbitrary scripts into the Mermaid sandbox UI. Scope: local sid: open
debian
CVE-2026-2370 | HIGH | CVSS 8.1 | 2026
gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 affecting Jira Connect installations that could have allowed an authenticated user with minimal workspace permissions to obtain installation credentials and impersonate the GitLab app due to improper authorization checks. Scope: lo
debian
CVE-2026-1092 | HIGH | CVSS 7.5 | 2026
gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service due to improper input validation of JSON payloads. Scope: local sid: open
debian
CVE-2026-1662 | HIGH | CVSS 7.5 | 2026
gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause Denial of Service by sending specially crafted requests to the Jira events endpoint. Scope: local sid: open
debian
CVE-2026-0595 | HIGH | CVSS 7.3 | 2026
gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.9 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to add unauthorized email addresses to victim accounts through HTML injection in test case titles. Scope: local sid: open
debian
CVE-2026-1732 | MEDIUM | CVSS 4.3 | 2026
gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose confidential issue titles due to improper filtering under certain circumstances. Scope: local sid: open
debian
CVE-2026-1458 | MEDIUM | CVSS 6.5 | 2026
gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an unauthenticated user to cause denial of service by uploading malicious files. Scope: local sid: open
debian
CVE-2026-2745 | MEDIUM | CVSS 6.8 | 2026
gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to bypass WebAuthn two-factor authentication and gain unauthorized access to user accounts due to inconsistent input validation in the authentication process. Scope: local sid: open
debian
CVE-2026-2845 | MEDIUM | CVSS 6.5 | 2026
gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an authenticated user to cause denial of service by exploiting a Bitbucket Server import endpoint via repeatedly sending large responses. Scope: local sid: open
debian
CVE-2026-2726 | MEDIUM | CVSS 4.3 | 2026
gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to perform unauthorized actions on merge requests in other projects due to improper access control during cross-repository operations. Scope: local sid: open
debian
CVE-2026-1230 | MEDIUM | CVSS 4.1 | 2026
gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 1.0 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to cause repository downloads to contain different code than displayed in the web interface due to incorrect validation of branch references under certain circumstances. Scope: local sid
debian
CVE-2026-1663 | MEDIUM | CVSS 4.3 | 2026
gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with group import permissions to create labels in private projects due to improper authorization validation in the group import process under certain circumstances. Scope: local sid: op
debian
CVE-2026-0602 | MEDIUM | CVSS 4.3 | 2026
gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose metadata from private issues, merge requests, epics, milestones, or commits due to improper filtering in the snippet rendering process under certain circumstances. Scope: lo
debian
CVE-2026-1182 | MEDIUM | CVSS 4.3 | 2026
gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to gain unauthorized access to confidential issue title created in public projects under certain circumstances. Scope: local sid: open
debian
CVE-2026-1102 | MEDIUM | CVSS 5.3 | 2026
gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to create a denial of service condition by sending repeated malformed SSH authentication requests. Scope: local sid: open
debian
CVE-2026-3848 | MEDIUM | CVSS 5.0 | 2026
gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to make unintended internal requests through proxy environments under certain conditions due to improper input validation in import functionality. Scope: local sid: open
debian
CVE-2026-4916 | LOW | CVSS 2.7 | 2026
gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom role permissions to demote or remove higher-privileged group members due to improper authorization checks on member management operations. Scope: local sid: resolved
debian