cpe:2.3:a:gitlab:gitlab:18.11.0:*:*:*:enterprise:*:*:*

Part: a
Version: 18.11.0
Update: *
Vendor: Gitlab (57573e99-56e6-5fad-895e-0ce7fffc5b90)
Product: Gitlab (5414fcda-a172-5f72-b6e4-b415a19d21eb)
Edition: *
Language: *
Software edition: enterprise
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL: pkg:gitlab/gitlab-org/gitlab
Source: purl2cpe
Last updated: 2026-06-01 10:14:46.352390

Vulnerability references

Each entry lists: identifier, CPE applicability, submission time, db.gcve.eu details (title, severity, description, published and updated timestamps) and rationale.
CVE-2026-6515
CPE applicability: vulnerable
Submitted: 2026-06-03 15:27:55.414762
db.gcve.eu details: Insufficient Session Expiration in GitLab, MEDIUM (5.4)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions.
Published: 2026-04-22T16:04:11.611Z
Updated: 2026-04-22T17:51:09.883Z
Rationale: Imported from gcve-enriched-dumps CVE data
CVE-2026-5816
CPE applicability: vulnerable
Submitted: 2026-06-03 15:27:54.260943
db.gcve.eu details: Improper Resolution of Path Equivalence in GitLab, HIGH (8)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to improper path validation under certain conditions.
Published: 2026-04-22T16:04:26.293Z
Updated: 2026-04-23T03:56:09.061Z
Rationale: Imported from gcve-enriched-dumps CVE data
CVE-2026-5377
CPE applicability: vulnerable
Submitted: 2026-06-03 15:26:27.091643
db.gcve.eu details: Incorrect Authorization in GitLab, MEDIUM (4.3)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that could have allowed an authenticated user to access titles of confidential or private issues in public projects due to improper access control in the issue description rendering process.
Published: 2026-04-22T16:04:31.304Z
Updated: 2026-04-22T17:52:14.162Z
Rationale: Imported from gcve-enriched-dumps CVE data
CVE-2026-5262
CPE applicability: vulnerable
Submitted: 2026-06-03 15:26:26.910024
db.gcve.eu details: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab, HIGH (8)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.1.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an unauthenticated user to access tokens in the Storybook development environment due to improper input validation.
Published: 2026-04-22T16:04:36.550Z
Updated: 2026-04-22T18:08:34.142Z
Rationale: Imported from gcve-enriched-dumps CVE data
CVE-2026-4922
CPE applicability: vulnerable
Submitted: 2026-06-03 15:26:26.305561
db.gcve.eu details: Cross-Site Request Forgery (CSRF) in GitLab, HIGH (8.1)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute GraphQL mutations on behalf of authenticated users due to insufficient CSRF protection.
Published: 2026-04-22T16:29:38.861Z
Updated: 2026-04-24T03:55:17.281Z
Rationale: Imported from gcve-enriched-dumps CVE data
CVE-2026-3254
CPE applicability: vulnerable
Submitted: 2026-06-03 15:23:31.912339
db.gcve.eu details: Improper Restriction of Rendered UI Layers or Frames in GitLab, LOW (3.5)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to load unauthorized content into another user's browser due to improper input validation in the Mermaid sandbox.
Published: 2026-04-22T16:29:48.833Z
Updated: 2026-04-22T17:39:44.965Z
Rationale: Imported from gcve-enriched-dumps CVE data
CVE-2026-1660
CPE applicability: vulnerable
Submitted: 2026-06-03 15:14:44.891431
db.gcve.eu details: Allocation of Resources Without Limits or Throttling in GitLab, MEDIUM (6.5)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to cause denial of service when importing issues due to improper input validation.
Published: 2026-04-22T16:04:51.382Z
Updated: 2026-04-22T17:39:02.958Z
Rationale: Imported from gcve-enriched-dumps CVE data
CVE-2025-9957
CPE applicability: vulnerable
Submitted: 2026-06-03 15:14:40.213524
db.gcve.eu details: Incorrect Authorization in GitLab, LOW (2.7)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user with project owner permissions to bypass group fork prevention settings due to improper authorization checks.
Published: 2026-04-22T16:05:16.304Z
Updated: 2026-04-22T17:34:06.772Z
Rationale: Imported from gcve-enriched-dumps CVE data
CVE-2025-6016
CPE applicability: vulnerable
Submitted: 2026-06-03 15:12:26.325896
db.gcve.eu details: Allocation of Resources Without Limits or Throttling in GitLab, MEDIUM (6.5)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service due to insufficient resource allocation limits when retrieving notes under certain conditions.
Published: 2026-04-22T16:05:26.340Z
Updated: 2026-04-22T17:32:08.602Z
Rationale: Imported from gcve-enriched-dumps CVE data
CVE-2025-3922
CPE applicability: vulnerable
Submitted: 2026-06-03 15:01:05.945496
db.gcve.eu details: Allocation of Resources Without Limits or Throttling in GitLab, MEDIUM (6.5)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.4 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service by overwhelming system resources under certain conditions due to insufficient resource allocation limits in the GraphQL API.
Published: 2026-04-22T16:05:31.304Z
Updated: 2026-04-22T17:28:16.879Z
Rationale: Imported from gcve-enriched-dumps CVE data
CVE-2025-0186
CPE applicability: vulnerable
Submitted: 2026-06-03 14:58:23.971285
db.gcve.eu details: Allocation of Resources Without Limits or Throttling in GitLab, MEDIUM (6.5)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service under certain conditions by exhausting server resources by making crafted requests to a discussions endpoint.
Published: 2026-04-22T16:05:41.343Z
Updated: 2026-04-22T17:25:02.340Z
Rationale: Imported from gcve-enriched-dumps CVE data