
[CIVN-2026-0309] Multiple Vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Multiple Vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE)
Indian Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
GitLab Community Edition (CE) and Enterprise Edition (EE) versions prior to 19.0.2, 18.11.5, and 18.10.8
Overview
Multiple vulnerabilities have been reported in GitLab Community Edition (CE) and Enterprise Edition (EE) that could allow an attacker to bypass authorization controls, execute arbitrary client-side code, read arbitrary local files, add unauthorized emails, or cause a Denial of Service (DoS) on the targeted system.
Target Audience:
Organizations and individuals using affected GitLab Community Edition (CE) and Enterprise Edition (EE) instances.
Risk Assessment:
Potential risk of unauthorized access, information disclosure, privilege misuse and denial of service.
Impact Assessment:
Risk of account compromise, unauthorized information disclosure and service disruption.
Description
GitLab is a web-based DevOps platform that provides tools for software development, including source code management, continuous integration and continuous deployment. It is available in both open-source Community Edition (CE) and Enterprise Edition (EE) versions.
These vulnerabilities exist in GitLab due to multiple flaws including improper authorization enforcement, improper input sanitization and uncontrolled resource consumption across various components.
Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to targeted accounts, execute malicious code, read confidential internal network files and cause denial-of-service conditions on targeted systems.
Solution
Apply the appropriate updates as described in the vendor patch release notes:
https://docs.gitlab.com/releases/patches/patch-release-gitlab-19-0-2-released/
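The update guidance above, as an added example that is not part of this advisory or of GitLab's own tooling: a Python check that flags whether an installed GitLab version string (for instance the value returned by GitLab's GET /api/v4/version endpoint) falls inside the affected ranges stated here. The branch-handling rules (branches older than 18.10 treated as affected, branches newer than 19.0 treated as not affected) are this example's assumption, not the advisory's wording.

```python
# Added example (not from the CERT-In advisory or from GitLab): checks whether a
# GitLab CE/EE version string falls inside the affected range stated in
# CIVN-2026-0309, i.e. prior to 19.0.2, 18.11.5 or 18.10.8 on their branches.
import re

# First fixed release per maintained branch, as listed in the advisory.
FIXED = {(19, 0): (19, 0, 2), (18, 11): (18, 11, 5), (18, 10): (18, 10, 8)}
OLDEST_PATCHED_BRANCH = min(FIXED)


def parse_version(text):
    """Return (major, minor, patch) from strings such as '18.11.4', 'v18.11.4' or '18.11.4-ee'."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(text):
    """True if the version needs patching according to the advisory.

    Assumption: branches older than 18.10 have no fixed release listed, so any
    version on them is treated as affected (it must be upgraded to a fixed
    branch); branches newer than 19.0 were released after the fix and are
    treated as not affected.
    """
    major, minor, patch = parse_version(text)
    branch = (major, minor)
    if branch in FIXED:
        return (major, minor, patch) < FIXED[branch]
    return branch < OLDEST_PATCHED_BRANCH


def triage(versions):
    """Map each version string to 'AFFECTED' or 'ok' for a quick inventory review."""
    return {v: ("AFFECTED" if is_affected(v) else "ok") for v in versions}


if __name__ == "__main__":
    # Constructed sample inventory; real values come from each instance's version endpoint.
    inventory = ["19.0.1-ee", "19.0.2-ee", "18.11.4", "18.11.5",
                 "18.10.7-ce.0", "18.10.8", "18.9.9", "19.1.0"]
    for ver, state in triage(inventory).items():
        print(f"{ver:14s} {state}")
```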
Vendor Information
GitLab
https://docs.gitlab.com/releases/patches/
References
GitLab
https://docs.gitlab.com/releases/patches/patch-release-gitlab-19-0-2-released/
CVE Name
CVE-2026-6552
CVE-2026-10087
CVE-2026-7250
CVE-2026-8589
CVE-2026-1500
CVE-2026-6269
CVE-2026-9204
CVE-2026-10733
CVE-2026-6277
CVE-2026-6976
CVE-2026-3553
CVE-2026-9694
--
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003