Authorization Bypass Vulnerability in GitLab CE/EE
CVE-2026-3553

3.1LOW

Key Information:

Vendor

Gitlab

Status
Vendor
CVE Published:
11 June 2026

What is CVE-2026-3553?

A security flaw in GitLab CE/EE allows authenticated users to access confidential issue details due to improper authorization checks. This vulnerability affects multiple versions — specifically all versions from 12.0 up to but not including 18.10.8, along with versions 18.11 prior to 18.11.5 and 19.0 prior to 19.0.2. Exploiting this issue could lead to unintended exposure of sensitive information. GitLab has addressed this vulnerability in their latest patch releases, emphasizing the importance of keeping installations updated to mitigate potential risks.

Affected Version(s)

GitLab 12.0 < 18.10.8

GitLab 18.11 < 18.11.5

GitLab 19.0 < 19.0.2

References

CVSS V3.1

Score:
3.1
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Thanks [go7f0](https://hackerone.com/go7f0) for reporting this vulnerability through our HackerOne bug bounty program
.