Information Exposure Vulnerability in GitLab by GitLab Inc.
CVE-2026-12053

8.6HIGH

Key Information:

Vendor

Gitlab

Status
Vendor
CVE Published:
25 June 2026

What is CVE-2026-12053?

GitLab has addressed a security issue in the GitLab EE platform, affecting all versions from 19.1 through 19.1.1. The vulnerability resulted from inadequate output filtering in Duo Workflows, which could potentially enable unauthorized users to access sensitive data that had already been committed to a project. This risk necessitated swift remediation to safeguard user information and prevent potential exploitation.

Affected Version(s)

GitLab 19.1 < 19.1.1

References

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Thanks to [3nvz](https://hackerone.com/3nvz) and GitLab team member Dennis Appelt for reporting this vulnerability
.