CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2026-1752 – Incorrect Authorization in GitLab
https://notcve.org/view.php?id=CVE-2026-1752
08 Apr 2026 — GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer-role permissions to modify protected environment settings due to improper authorization checks in the API. • https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released • CWE-863: Incorrect Authorization •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2026-2745 – Authentication Bypass Using an Alternate Path or Channel in GitLab
https://notcve.org/view.php?id=CVE-2026-2745
25 Mar 2026 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to bypass WebAuthn two-factor authentication and gain unauthorized access to user accounts due to inconsistent input validation in the authentication process. • https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2026-1182 – Improper Removal of Sensitive Information Before Storage or Transfer in GitLab
https://notcve.org/view.php?id=CVE-2026-1182
12 Mar 2026 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to gain unauthorized access to confidential issue title created in public projects under certain circumstances. • https://gitlab.com/gitlab-org/gitlab/-/work_items/586613 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2025-12576 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-12576
11 Mar 2026 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that under certain conditions could have allowed an authenticated user to cause a denial of service due to improper handling of webhook response data. • https://about.gitlab.com/releases/2026/03/11/patch-release-gitlab-18-9-2-released • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2025-13929 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-13929
11 Mar 2026 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.0 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by issuing specially crafted requests to repository archive endpoints under certain conditions. • https://about.gitlab.com/releases/2026/03/11/patch-release-gitlab-18-9-2-released • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 1CVE-2026-1090 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
https://notcve.org/view.php?id=CVE-2026-1090
11 Mar 2026 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user, when the `markdown_placeholders` feature flag was enabled, to inject JavaScript in a browser due to improper sanitization of placeholder content in markdown processing. • https://about.gitlab.com/releases/2026/03/11/patch-release-gitlab-18-9-2-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.1EPSS: 0%CPEs: 3EXPL: 1CVE-2026-1230 – Use of Incorrectly-Resolved Name or Reference in GitLab
https://notcve.org/view.php?id=CVE-2026-1230
11 Mar 2026 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 1.0 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to cause repository downloads to contain different code than displayed in the web interface due to incorrect validation of branch references under certain circumstances. • https://about.gitlab.com/releases/2026/03/11/patch-release-gitlab-18-9-2-released • CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2026-3848 – Improper Neutralization of CRLF Sequences ('CRLF Injection') in GitLab
https://notcve.org/view.php?id=CVE-2026-3848
11 Mar 2026 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to make unintended internal requests through proxy environments under certain conditions due to improper input validation in import functionality. • https://about.gitlab.com/releases/2026/03/11/patch-release-gitlab-18-9-2-released • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2026-1388 – Inefficient Regular Expression Complexity in GitLab
https://notcve.org/view.php?id=CVE-2026-1388
25 Feb 2026 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause regular expression denial of service by sending specially crafted input to a merge request endpoint under certain conditions. GitLab ha remediado un problema en GitLab CE/EE que afecta a todas las versiones desde la 9.2 anterior a la 18.7.5, la 18.8 anterior a la 18.8.5, y la 18.9 anterior a la 18.9.1 que podría habe... • https://about.gitlab.com/releases/2026/02/25/patch-release-gitlab-18-9-1-released • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2026-2845 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2026-2845
25 Feb 2026 — An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an authenticated user to cause denial of service by exploiting a Bitbucket Server import endpoint via repeatedly sending large responses. Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones desde la 11.2 anterior a la 18.7.5, la 18.8 anterior a la 18.8.5 y la 18.9 anterior a la 18.9.1 que podría haber permitido a un usuario... • https://about.gitlab.com/releases/2026/02/25/patch-release-gitlab-18-9-1-released • CWE-770: Allocation of Resources Without Limits or Throttling •