Insufficient Authorization in GitLab EE Affects Multiple Versions
CVE-2026-3176

3.1LOW

Key Information:

Vendor

Gitlab

Status
Vendor
CVE Published:
25 June 2026

What is CVE-2026-3176?

In GitLab EE, a vulnerability allows an authenticated user, who possesses limited permissions, to access sensitive project information due to inadequate authorization checks. This issue affects all versions from 18.6 prior to 18.11.6, 19.0 prior to 19.0.3, and 19.1 prior to 19.1.1. It could potentially lead to unauthorized access to project data, raising significant concerns for project confidentiality and integrity.

Affected Version(s)

GitLab 18.6 < 18.11.6

GitLab 19.0 < 19.0.3

GitLab 19.1 < 19.1.1

References

CVSS V3.1

Score:
3.1
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Thanks [modestia](https://hackerone.com/modestia) for reporting this vulnerability through our HackerOne bug bounty program
.