cpe:2.3:a:gitlab:gitlab:18.10.0:*:*:*:enterprise:*:*:*

Part: a
Version: 18.10.0
Update: *
Vendor: Gitlab (57573e99-56e6-5fad-895e-0ce7fffc5b90)
Product: Gitlab (5414fcda-a172-5f72-b6e4-b415a19d21eb)
Edition: *
Language: *
Software edition: enterprise
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL: pkg:gitlab/gitlab-org/gitlab
Source: purl2cpe
Last updated: 2026-06-01 10:14:46.352373

Vulnerability references

Each entry lists: identifier, CPE applicability, submission time, db.gcve.eu details (title, severity, description, published/updated dates) and rationale.

Identifier: CVE-2026-4363
CPE applicability: vulnerable
Submitted: 2026-06-03 15:26:25.365562
Title: Incorrect Authorization in GitLab
Severity: LOW (3.7)
Description: GitLab has remediated an issue in GitLab EE affecting all versions from 18.1 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user to gain unauthorized access to resources due to improper caching of authorization decisions.
Published: 2026-03-25T15:04:46.503Z
Updated: 2026-03-25T19:57:37.853Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE-2026-3988
CPE applicability: vulnerable
Submitted: 2026-06-03 15:23:33.844367
Title: Inefficient Algorithmic Complexity in GitLab
Severity: HIGH (7.5)
Description: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to cause a denial of service by making the GitLab instance unresponsive due to improper input validation in GraphQL request processing.
Published: 2026-03-25T16:33:43.952Z
Updated: 2026-03-25T17:21:53.191Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE-2026-3857
CPE applicability: vulnerable
Submitted: 2026-06-03 15:23:33.631504
Title: Cross-Site Request Forgery (CSRF) in GitLab
Severity: HIGH (8.1)
Description: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to execute arbitrary GraphQL mutations on behalf of authenticated users due to insufficient CSRF protection.
Published: 2026-03-25T16:33:53.854Z
Updated: 2026-03-26T13:20:03.781Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE-2026-2995
CPE applicability: vulnerable
Submitted: 2026-06-03 15:19:25.542860
Title: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab
Severity: HIGH (7.7)
Description: GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to add email addresses to targeted user accounts due to improper sanitization of HTML content.
Published: 2026-03-25T16:33:58.853Z
Updated: 2026-03-26T13:20:13.378Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE-2026-2973
CPE applicability: vulnerable
Submitted: 2026-06-03 15:19:25.515784
Title: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
Severity: MEDIUM (5.4)
Description: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to execute arbitrary JavaScript in a user's browser due to improper sanitization of entity-encoded content in Mermaid diagrams.
Published: 2026-03-25T16:34:03.852Z
Updated: 2026-03-26T17:24:32.440Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE-2026-2745
CPE applicability: vulnerable
Submitted: 2026-06-03 15:19:24.908730
Title: Authentication Bypass Using an Alternate Path or Channel in GitLab
Severity: MEDIUM (6.8)
Description: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to bypass WebAuthn two-factor authentication and gain unauthorized access to user accounts due to inconsistent input validation in the authentication process.
Published: 2026-03-25T16:34:18.860Z
Updated: 2026-03-26T03:55:31.559Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE-2026-2726
CPE applicability: vulnerable
Submitted: 2026-06-03 15:19:24.868930
Title: Incorrect Authorization in GitLab
Severity: MEDIUM (4.3)
Description: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to perform unauthorized actions on merge requests in other projects due to improper access control during cross-repository operations.
Published: 2026-03-25T16:34:13.838Z
Updated: 2026-03-25T17:14:34.612Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE-2026-2370
CPE applicability: vulnerable
Submitted: 2026-06-03 15:19:24.125170
Title: Improper Handling of Parameters in GitLab
Severity: HIGH (8.1)
Description: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 affecting Jira Connect installations that could have allowed an authenticated user with minimal workspace permissions to obtain installation credentials and impersonate the GitLab app due to improper authorization checks.
Published: 2026-03-29T23:33:44.410Z
Updated: 2026-03-30T15:02:06.576Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE-2026-1724
CPE applicability: vulnerable
Submitted: 2026-06-03 15:14:45.202298
Title: Missing Authentication for Critical Function in GitLab
Severity: MEDIUM (6.8)
Description: GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to access API tokens of self-hosted AI models due to improper access control.
Published: 2026-03-25T16:34:28.860Z
Updated: 2026-03-27T14:59:15.608Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE-2025-14595
CPE applicability: vulnerable
Submitted: 2026-06-03 14:58:55.647251
Title: Missing Authorization in GitLab
Severity: MEDIUM (4.3)
Description: GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user with Planner role to view security category metadata and attributes in group security configuration due to improper access control.
Published: 2026-03-25T16:34:43.856Z
Updated: 2026-03-27T14:58:40.717Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE-2025-13436
CPE applicability: vulnerable
Submitted: 2026-06-03 14:58:46.065037
Title: Allocation of Resources Without Limits or Throttling in GitLab
Severity: MEDIUM (6.5)
Description: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when handling certain CI-related inputs.
Published: 2026-03-25T16:34:53.851Z
Updated: 2026-03-25T17:03:54.631Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE-2025-13078
CPE applicability: vulnerable
Submitted: 2026-06-03 14:58:45.486847
Title: Improper Validation of Specified Quantity in Input in GitLab
Severity: MEDIUM (6.5)
Description: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when processing certain webhook configuration inputs.
Published: 2026-03-25T16:35:03.858Z
Updated: 2026-03-25T17:02:57.718Z
Rationale: Imported from gcve-enriched-dumps CVE data