Debian Gitlab vulnerabilities

1,325 known vulnerabilities affecting debian/gitlab.

Total CVEs: 1,325
CISA KEV: 4 (actively exploited)
Public exploits: 22
Exploited in wild: 2
Severity breakdown: CRITICAL 43, HIGH 196, MEDIUM 630, LOW 456

Vulnerabilities

Page 2 of 67
CVE-2026-4363 | LOW | CVSS 3.7 | 2026
CVE-2026-4363 [LOW] gitlab: GitLab has remediated an issue in GitLab EE affecting all versions from 18.1 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user to gain unauthorized access to resources due to improper caching of authorization decisions. Scope: local; sid: resolved
debian
CVE-2026-4332 | LOW | CVSS 5.4 | 2026
CVE-2026-4332 [MEDIUM] gitlab: GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers due to improper input sanitization. Scope: local; sid: resolved
debian
CVE-2026-2619 | LOW | CVSS 4.3 | 2026
CVE-2026-2619 [MEDIUM] gitlab: GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an authenticated user with auditor privileges to modify vulnerability flag data in private projects due to incorrect authorization. Scope: local; sid: resolved
debian
CVE-2026-1516 | LOW | CVSS 5.7 | 2026
CVE-2026-1516 [MEDIUM] gitlab: GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that in Code Quality reports could have allowed an authenticated user to leak IP addresses of users viewing the report via specially crafted content. Scope: local; sid: resolved
debian
CVE-2026-0958 | LOW | CVSS 7.5 | 2026
CVE-2026-0958 [HIGH] gitlab: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through memory or CPU exhaustion by bypassing JSON validation middleware limits. Scope: local; sid: resolved
debian
CVE-2026-1725 | LOW | CVSS 5.3 | 2026
CVE-2026-1725 [MEDIUM] gitlab: GitLab has remediated an issue in GitLab CE/EE affecting versions from 18.9 before 18.9.1 that could have, under certain conditions, allowed an unauthenticated user to cause denial of service by sending specially crafted requests to a CI jobs API endpoint. Scope: local; sid: resolved
debian
CVE-2026-1282 | LOW | CVSS 3.5 | 2026
CVE-2026-1282 [LOW] gitlab: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to inject malicious content into project labels titles. Scope: local; sid: resolved
debian
CVE-2026-1101 | LOW | CVSS 6.5 | 2026
CVE-2026-1101 [MEDIUM] gitlab: GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to cause denial of service to the GitLab instance due to improper input validation in GraphQL queries. Scope: local; sid: resolved
debian
CVE-2026-1752 | LOW | CVSS 4.3 | 2026
CVE-2026-1752 [MEDIUM] gitlab: GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer-role permissions to modify protected environment settings due to improper authorization checks in the API. Scope: local; sid: resolved
debian
CVE-2026-1080 | LOW | CVSS 4.3 | 2026
CVE-2026-1080 [MEDIUM] gitlab: GitLab has remediated an issue in GitLab EE affecting all versions from 16.7 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to access iteration data from private descendant groups by querying the iterations API endpoint. Scope: local; sid: resolved
debian
CVE-2026-1751 | LOW | CVSS 3.1 | 2026
CVE-2026-1751 [LOW] gitlab: A vulnerability has been discovered in GitLab CE/EE affecting all versions starting with 16.8 before 18.5.0 that could have allowed unauthorized edits to merge request approval rules under certain conditions. Scope: local; sid: open
debian
CVE-2026-2104 | LOW | CVSS 4.3 | 2026
CVE-2026-2104 [MEDIUM] gitlab: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to access confidential issues assigned to other users via CSV export due to insufficient authorization checks. Scope: local; sid: resolved
debian
CVE-2026-1456 | LOW | CVSS 6.5 | 2026
CVE-2026-1456 [MEDIUM] gitlab: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through CPU exhaustion by submitting specially crafted markdown files that trigger exponential processing in markdown preview. Scope: local; sid: resolved
debian
CVE-2026-1724 | LOW | CVSS 6.8 | 2026
CVE-2026-1724 [MEDIUM] gitlab: GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to access API tokens of self-hosted AI models due to improper access control. Scope: local; sid: resolved
debian
CVE-2026-2973 | LOW | CVSS 5.4 | 2026
CVE-2026-2973 [MEDIUM] gitlab: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to execute arbitrary JavaScript in a user's browser due to improper sanitization of entity-encoded content in Mermaid diagrams. Scope: local; sid: resolved
debian
CVE-2026-1747 | LOW | CVSS 4.3 | 2026
CVE-2026-1747 [MEDIUM] gitlab: GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain conditions, could have allowed Developer-role users with insufficient privileges to make unauthorized modifications to protected Conan packages. Scope: local; sid: resolved
debian
CVE-2026-2995 | LOW | CVSS 7.7 | 2026
CVE-2026-2995 [HIGH] gitlab: GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to add email addresses to targeted user accounts due to improper sanitization of HTML content. Scope: local; sid: resolved
debian
CVE-2026-1094 | LOW | CVSS 4.6 | 2026
CVE-2026-1094 [MEDIUM] gitlab: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI. Scope: local; sid: resolved
debian
CVE-2026-0723 | LOW | CVSS 7.4 | 2026
CVE-2026-0723 [HIGH] gitlab: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an individual with existing knowledge of a victim's credential ID to bypass two-factor authentication by submitting forged device responses. Scope: local; sid: resolved
debian
CVE-2026-3988 | LOW | CVSS 7.5 | 2026
CVE-2026-3988 [HIGH] gitlab: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to cause a denial of service by making the GitLab instance unresponsive due to improper input validation in GraphQL request processing. Scope: local; sid: resolved
debian