Insufficient Filtering in GitLab CI/CD API Endpoint Exposes Sensitive Information
CVE-2026-8330
4.4MEDIUM
What is CVE-2026-8330?
A security vulnerability exists in GitLab CE/EE versions 9.3 through 18.11.6, 19.0 through 19.0.3, and 19.1 through 19.1.1, where the CI/CD API endpoint inadequately filters input. Under specific conditions, this flaw may allow sensitive information to be inadvertently recorded in application logs, potentially exposing confidential data to unauthorized individuals. It is essential for users of affected versions to apply the latest patches and updates to ensure the integrity of their systems.
Affected Version(s)
GitLab 9.3 < 18.11.6
GitLab 19.0 < 19.0.3
GitLab 19.1 < 19.1.1
References
CVSS V3.1
Score:
4.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
This vulnerability has been discovered internally by GitLab team member Joel Clarke