CVE-2026-3553

Published: Jun 11, 2026Modified: Jun 11, 2026

3.1

Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.6 / Impact: 1.4

Source: cve@gitlab.com (Secondary)

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to access confidential issue details due to incorrect authorization checks.

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (3)

https://about.gitlab.com/releases/2026/06/10/patch-release-gitlab-19-0-2-released/

Source: cve@gitlab.com

https://gitlab.com/gitlab-org/gitlab/-/work_items/592295

Source: cve@gitlab.com

https://hackerone.com/reports/3578216

Source: cve@gitlab.com

Timeline

No history available yet.