4.3

GitLab Allows Attackers to Leak Private Project Data

CVE-2026-0602 BIT-gitlab-2026-0602
Summary

A security issue in GitLab affects versions from 15.6 up to, but not including, 18.9.2. An attacker with valid login credentials could access sensitive information from private projects, such as issue details, without permission. Update GitLab to the latest version to fix this issue.

What to do
  • Update GitLab to version 18.9.2.
Affected software
Vendor | Product | Affected versions | Fix available
– | gitlab | > 18.9.0, <= 18.9.2 | 18.9.2
Original title
Authentication Bypass Using an Alternate Path or Channel in GitLab
Original description
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose metadata from private issues, merge requests, epics, milestones, or commits due to improper filtering in the snippet rendering process under certain circumstances.
NVD CVSS 3.1: 4.3
Vulnerability type
CWE-288 Authentication Bypass Using Alternate Path
Published: 13 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026