Critical Vulnerabilities Discovered in GitLab: Immediate Action Required

Severity: High (Score: 72.0)

Sources: Ccb.Belgium.Be, Heise.De

Summary

GitLab has disclosed multiple high-severity vulnerabilities affecting both Community Edition and Enterprise Edition, and patching should not be delayed. The set includes CVE-2026-2370 and CVE-2026-3857, which allow an authenticated user to access sensitive data and an unauthenticated attacker to perform actions on behalf of other users. CVE-2026-2995 enables HTML injection that can lead to account takeover, and CVE-2026-3988 can cause a Denial of Service (DoS) by exhausting resources. The vulnerabilities were published on March 25, 2026; organizations are urged to update to versions 18.10.1, 18.9.3, or 18.8.7, whichever matches their release branch. No active exploitation has been reported so far, but the risk remains significant. The Centre for Cybersecurity Belgium stresses installing the updates promptly, after testing them in the organization's own environment. Organizations should also tighten monitoring so that suspicious activity tied to these vulnerabilities can be detected.

Key Points:

  • The GitLab vulnerabilities allow unauthorized actions and account takeovers.
  • Four high-severity CVEs require immediate patching to prevent exploitation.
  • No active exploitation has been reported yet, but the risk remains significant.
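The advisory gives one fixed release per supported branch (18.10.1, 18.9.3, 18.8.7), so "am I patched?" is a per-branch comparison, not a single version check: a 18.9.3 instance is fixed even though it is numerically below 18.10.0, while 18.10.0 is not. The script below is an added example, not GitLab's own tooling or anything from the cited sources. It parses the version string in the shape returned by GitLab's authenticated `GET /api/v4/version` endpoint and classifies each instance; the instance names, revisions and version values are constructed sample input, and the "newer_branch" outcome is an assumption that a branch released after the advisory must be confirmed separately rather than presumed fixed.

```python
"""Classify GitLab instances against the fixed releases named in the
March 25, 2026 advisory (18.10.1, 18.9.3, 18.8.7).

Added example, not GitLab's own code. In production the version string
would come from the authenticated `GET /api/v4/version` endpoint, whose
JSON body carries a "version" field; here the responses are constructed.
"""
import re

# Fixed releases from the advisory, keyed by release branch (major, minor).
FIXED_RELEASES = {
    (18, 10): (18, 10, 1),
    (18, 9): (18, 9, 3),
    (18, 8): (18, 8, 7),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> tuple:
    """Parse 'X.Y.Z', tolerating suffixes such as '-ee' or '-pre', into ints."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognized GitLab version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def assess(version_text: str) -> str:
    """Return one of 'patched', 'vulnerable', 'unsupported_branch', 'newer_branch'.

    The comparison is done within the instance's own release branch, because
    each branch has its own fixed release (e.g. 18.9.3 is fixed, 18.10.0 is not).
    """
    v = parse_version(version_text)
    branch = (v[0], v[1])
    if branch in FIXED_RELEASES:
        return "patched" if v >= FIXED_RELEASES[branch] else "vulnerable"
    if branch > max(FIXED_RELEASES):
        # Assumption: a branch newer than any listed fix postdates the advisory;
        # confirm against the release notes rather than presume it is fixed.
        return "newer_branch"
    # Older than the oldest branch that received a fix: no patch exists,
    # the instance must be upgraded to a supported branch.
    return "unsupported_branch"


def assess_api_response(payload: dict) -> str:
    """Assess a JSON body in the shape returned by GET /api/v4/version."""
    return assess(payload["version"])


# Constructed sample responses (instance names and revisions are made up).
SAMPLE_RESPONSES = {
    "prod-a": {"version": "18.10.0-ee", "revision": "0000000a"},
    "prod-b": {"version": "18.9.3", "revision": "0000000b"},
    "legacy": {"version": "18.7.2", "revision": "0000000c"},
}


def assess_fleet(responses: dict) -> dict:
    """Map each instance name to its assessment."""
    return {name: assess_api_response(body) for name, body in responses.items()}


if __name__ == "__main__":
    for name, verdict in assess_fleet(SAMPLE_RESPONSES).items():
        print(f"{name}: {SAMPLE_RESPONSES[name]['version']} -> {verdict}")
```

Anything reported as "vulnerable" or "unsupported_branch" should be scheduled for the update the advisory calls for; a "newer_branch" result means the branch is not covered by the advisory's version list and needs a separate check against GitLab's release notes.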

Key Entities

  • DDoS (attack_type)
  • Denial of Service (attack_type)
  • GitLab (platform)
  • CVE-2026-2370 (cve)
  • CVE-2026-2726 (cve)
  • CVE-2026-2995 (cve)
  • CVE-2026-3857 (cve)
  • CVE-2026-3988 (cve)