
Multiple Vulnerabilities Remediated in GitLab Affecting Various Versions

Severity: Medium (Score: 57.9)

Sources: Nvd.Nist

Summary

GitLab has addressed several vulnerabilities across its CE and EE versions, impacting users from versions 11.10 to 18.10.1. CVE-2026-2726 allows authenticated users to perform unauthorized actions on merge requests due to improper access control. CVE-2026-4363 could enable unauthorized resource access due to improper caching of authorization decisions. CVE-2025-13436 permits denial of service through excessive resource consumption related to CI inputs. CVE-2026-1724 exposes API tokens of self-hosted AI models to unauthenticated users due to access control flaws. All vulnerabilities were published on March 25, 2026, and patches are now available. Users are urged to update their systems to mitigate these risks.

Key Points

  • GitLab has patched multiple vulnerabilities affecting versions 11.10 to 18.10.1.
  • CVE-2026-2726 and CVE-2026-4363 involve unauthorized access due to access control issues.
  • CVE-2025-13436 could lead to denial of service through resource exhaustion.

Key Entities

  • DDoS (attack_type)
  • Gitlab (platform)
  • GitLab EE (platform)
  • CVE-2025-13436 (cve)
  • CVE-2026-1724 (cve)
  • CVE-2026-2726 (cve)
  • CVE-2026-4363 (cve)