
[CIVN-2026-0182] Multiple Vulnerabilities in GitLab
Multiple Vulnerabilities in GitLab
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
GitLab Versions prior to 18.10.3, 18.9.5 and 18.8.9 for GitLab Community Edition (CE) and Enterprise Edition (EE)
Overview
Multiple vulnerabilities have been reported in GitLab CE/EE that could allow a remote attacker to disclose sensitive information, cause denial-of-service conditions, perform cross-site scripting attacks, escalate privileges, or execute remote code on the targeted system.
Target Audience:
Organizations and individuals using GitLab CE/EE instances.
Risk Assessment:
Risk of unauthorized access, privilege escalation, information disclosure, cross-site scripting attacks and remote code execution.
Impact Assessment:
Potential for sensitive data theft, sensitive information disclosure, system compromise, loss of data integrity and denial-of-service impacting business operations.
Description
GitLab is a web-based DevOps platform that provides tools for software development, including source code management, continuous integration and continuous deployment. It is available in both open-source Community Edition (CE) and Enterprise Edition (EE) versions.
These vulnerabilities exist in GitLab CE/EE due to improper access control, input validation and sanitization flaws, and insufficient or incorrect authorization checks. An attacker could exploit these vulnerabilities by sending specially crafted requests to the targeted system.
Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, cause denial-of-service conditions, perform cross-site scripting attacks, escalate privileges, or execute remote code on the targeted system.
Solution
Apply appropriate updates as mentioned:
https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/
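A version check that an operator could run over an instance inventory to see which hosts still need the update. It is an added example, not part of the CERT-In advisory or GitLab's tooling. The fixed versions are those listed under Software Affected; the hostnames and version strings in the sample inventory are constructed, and treating branches older than 18.8 as affected is an assumption drawn from the "prior to" wording.

```python
import re

# Fixed releases from the advisory, keyed by (major, minor) release branch.
FIXED_PATCH = {(18, 10): 3, (18, 9): 5, (18, 8): 9}

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) from strings such as '18.9.4-ee' or 'v18.10.3'."""
    match = _VERSION_RE.match(text)
    if match is None:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(part) for part in match.groups())


def assess(text):
    """Classify a version string as 'affected', 'fixed' or 'not-covered'."""
    major, minor, patch = parse_version(text)
    branch = (major, minor)
    if branch in FIXED_PATCH:
        return "affected" if patch < FIXED_PATCH[branch] else "fixed"
    # Integer tuples order 18.10 after 18.9; comparing the strings would not.
    if branch < min(FIXED_PATCH):
        # Assumption: branches older than 18.8 fall under "prior to" and have
        # no fixed release listed in the advisory.
        return "affected"
    return "not-covered"  # newer than 18.10; the advisory does not mention it


def triage(inventory):
    """Map each host to its status, listing affected hosts first."""
    results = {host: assess(version) for host, version in inventory.items()}
    return dict(sorted(results.items(), key=lambda kv: (kv[1] != "affected", kv[0])))


# Constructed sample inventory: hostnames and versions are illustrative only.
SAMPLE_INVENTORY = {
    "gitlab-prod.example.internal": "18.10.2-ee",
    "gitlab-stage.example.internal": "18.10.3-ee",
    "gitlab-legacy.example.internal": "17.11.6",
    "gitlab-lab.example.internal": "18.9.5",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{status:12} {host}  ({SAMPLE_INVENTORY[host]})")
```

Feed `assess` the version string each instance reports (for example from its admin area or the `gitlab-rake gitlab:env:info` output) rather than comparing version strings as text, which would sort 18.10.x before 18.9.x.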
Vendor Information
GitLab
https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/
References
https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/
CVE Name
CVE-2026-5173
CVE-2026-1092
CVE-2026-12664
CVE-2026-1403
CVE-2026-1101
CVE-2026-1516
CVE-2026-4332
CVE-2026-2619
CVE-2026-9484
CVE-2026-1752
CVE-2026-2104
CVE-2026-4916
--
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


