Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.3
GitLab: Authenticated Users Can Access Confidential Issues via CSV Export
CVE-2026-2104
Summary
Authenticated users in GitLab Community Edition and Enterprise Edition can potentially access confidential issues assigned to other users if they have permission to export issues in CSV format. This is fixed in newer versions of the software. Update to the latest version to ensure security.
Original title
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to access c...
Original description
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to access confidential issues assigned to other users via CSV export due to insufficient authorization checks.
nvd CVSS3.1
4.3
Vulnerability type
CWE-639
Authorization Bypass Through User-Controlled Key
Published: 8 Apr 2026 · Updated: 10 Apr 2026 · First seen: 8 Apr 2026