Multiple vulnerabilities in GitLab, including security restriction bypass, cross-site scripting, and elevation of privilege, can be exploited remotely by an attacker. Affected versions are GitLab Community and Enterprise Editions prior to 18.10.1, 18.9.3, and 18.8.7. The vendor has released fixes; administrators must apply the patches detailed at the provided URL to remediate the issues.
Multiple vulnerabilities were identified in GitLab. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, spoofing, sensitive information disclosure, cross-site scripting, data manipulation and security restriction bypass on the targeted system. Impact Denial of Service Security Restriction Bypass Cross-Site Scripting Data Manipulation Information Disclosure Elevation of Privilege Spoofing System / Technologies affected GitLab Community Edition (CE) versions prior to 18.10.1, 18.9.3, 18.8.7 GitLab Enterprise Edition (EE) versions prior to 18.10.1, 18.9.3, 18.8.7 Solutions Before installation of the software, please visit the vendor web-site for more details. Apply fixes issued by the vendor: https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/