CVE-2026-12053
HighCVSS 8.6Exploitation Probability (EPSS)
Low risk25th percentile — higher than 25% of all known CVEs
Summary
In GitLab EE, a vulnerability was found that under certain conditions could allow a user to access sensitive information already committed to a project. The issue was due to insufficient output filtering in Duo Workflows.
Risk Assessment
The risk involves potential leakage of sensitive data such as passwords, API keys, or other secrets that were previously added to the project repository.
Recommendation
Immediately update GitLab EE to version 19.1.1 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
GitLab has remediated an issue in GitLab EE affecting all versions from 19.1 before 19.1.1 that under certain conditions could have allowed a user to access sensitive information that had already been committed to a project, due to insufficient output filtering in Duo Workflows.

