CVE Catalog

CVE-2026-8330

MediumCVSS 4.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile — higher than 3% of all known CVEs

Summary

A vulnerability in GitLab CE/EE allowed sensitive information to be written to application logs due to insufficient filtering in a CI/CD API endpoint. It affects all versions from 9.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1.

Risk Assessment

Individuals with access to application logs may obtain confidential data, potentially leading to information disclosure and security breaches for the organization.

Recommendation

Immediately update GitLab to version 18.11.6, 19.0.3, or 19.1.1 depending on the branch in use.

Original NVD description (English source)

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed sensitive information to be written to application logs due to insufficient filtering in a CI/CD API endpoint.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS