Security News

Cybersecurity news aggregator

🔓
HIGH Vulnerabilities HKCERT

GitLab Multiple Vulnerabilities

cve-2026-1234codemitre-ta0001mitre-t1190
Multiple vulnerabilities in GitLab, including security restriction bypass, cross-site scripting, and denial of service, could be exploited by a remote attacker. Affected versions are GitLab Community and Enterprise Editions prior to 18.9.2, 18.8.6, and 18.7.6. The vendor has released fixes; administrators must apply the patches specified in the vendor's security release.
Read Full Article →

Multiple vulnerabilities were identified in GitLab. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, cross-site scripting, data manipulation, information disclosure and security restriction bypass on the targeted system. Impact Denial of Service Security Restriction Bypass Cross-Site Scripting Data Manipulation Information Disclosure System / Technologies affected GitLab Community Edition (CE) versions prior to 18.9.2, 18.8.6, 18.7.6 GitLab Enterprise Edition (EE) versions prior to 18.9.2, 18.8.6, 18.7.6 Solutions Before installation of the software, please visit the vendor web-site for more details. Apply fixes issued by the vendor: https://about.gitlab.com/releases/2026/03/11/patch-release-gitlab-18-9-2-released/

Related Articles

HIGH Supply-chain attack using invisible code hits GitHub and other repositories Ars Technica Security MEDIUM Git identity spoof fools Claude into giving bad code the nod The Register Security HIGH Don't Panic: The Thymeleaf Template Injection That Only Hurts If You Let It (CVE-2026-40478) Snyk HIGH TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension Help Net Security
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn