CVE Catalog

CVE-2026-11379

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

9th percentile — higher than 9% of all known CVEs

Summary

An incorrect authorization issue in DAST site profile management in GitLab EE could allow a user with Developer role to exfiltrate DAST site profile secrets under certain conditions.

Risk Assessment

The risk involves potential leakage of sensitive credentials used in DAST scanning, which could lead to unauthorized access to systems or further attacks.

Recommendation

It is recommended to immediately upgrade GitLab EE to version 18.11.6, 19.0.3, or 19.1.1 depending on the branch in use.

Original NVD description (English source)

GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 prior to 18.11.6, 19.0 prior to 19.0.3, and 19.1 prior to 19.1.1 in which incorrect authorization in DAST site profile management could allow a user with Developer role to exfiltrate DAST site profile secrets under certain conditions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS