Back to overview

CVE-2026-11827

MEDIUM
4.9
CVSS 3.1
Description
GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to obtain another user's stored credentials due to improper authorization controls.

Metadata

CVE ID
CVE-2026-11827
State
PUBLISHED
Assigner
GitLab
Reserved
2026-06-09 20:03 UTC
Published
2026-07-08 20:46 UTC
Last updated
2026-07-08 20:46 UTC
Primary CWE
CWE-522
CWE-522: Insufficiently Protected Credentials
Vendor / Product
GitLab / GitLab
Sources
cve.org  ·  NVD

Severity & Metrics

4.9 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Affected products (1)
VendorProductPlatformVersions
GitLab GitLab 9.5 < 18.11.7, 19.0 < 19.0.4, 19.1 < 19.1.2
Weakness (CWE)
CWESourceDescription
CWE-522 cna CWE-522: Insufficiently Protected Credentials
CVSS scores (1)
ScoreSeverityVersionSourceVector
4.9 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Back to overview