Insufficient Filtering in GitLab CI/CD API Endpoint Exposes Sensitive Information
CVE-2026-8330

4.4MEDIUM

Key Information:

Vendor

Gitlab

Status
Vendor
CVE Published:
25 June 2026

What is CVE-2026-8330?

A security vulnerability exists in GitLab CE/EE versions 9.3 through 18.11.6, 19.0 through 19.0.3, and 19.1 through 19.1.1, where the CI/CD API endpoint inadequately filters input. Under specific conditions, this flaw may allow sensitive information to be inadvertently recorded in application logs, potentially exposing confidential data to unauthorized individuals. It is essential for users of affected versions to apply the latest patches and updates to ensure the integrity of their systems.

Affected Version(s)

GitLab 9.3 < 18.11.6

GitLab 19.0 < 19.0.3

GitLab 19.1 < 19.1.1

References

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

This vulnerability has been discovered internally by GitLab team member Joel Clarke
.