CVE Catalog

CVE-2026-2238

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.23%

14th percentile — higher than 14% of all known CVEs

Summary

A vulnerability in GitLab CE/EE allowed an unauthenticated user to view confidential issue references in public projects under certain conditions due to improper authorization checks. Affected versions: 17.5 to 18.11.6, 19.0 to 19.0.3, and 19.1 to 19.1.1.

Risk Assessment

The risk is the potential disclosure of confidential issue references (e.g., numbers or titles) to unauthorized users, compromising data confidentiality in public projects.

Recommendation

Immediately upgrade GitLab CE/EE to version 18.11.6, 19.0.3, or 19.1.1 (or later) depending on your branch.

Original NVD description (English source)

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an unauthenticated user to view confidential issue references on public projects due to improper authorization checks.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS