CVE-2026-11379
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk9th percentile — higher than 9% of all known CVEs
Summary
An incorrect authorization issue in DAST site profile management in GitLab EE could allow a user with Developer role to exfiltrate DAST site profile secrets under certain conditions.
Risk Assessment
The risk involves potential leakage of sensitive credentials used in DAST scanning, which could lead to unauthorized access to systems or further attacks.
Recommendation
It is recommended to immediately upgrade GitLab EE to version 18.11.6, 19.0.3, or 19.1.1 depending on the branch in use.
Original NVD description (English source)
GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 prior to 18.11.6, 19.0 prior to 19.0.3, and 19.1 prior to 19.1.1 in which incorrect authorization in DAST site profile management could allow a user with Developer role to exfiltrate DAST site profile secrets under certain conditions.

