CVE Catalog

CVE-2026-12053

HighCVSS 8.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.33%

25th percentile — higher than 25% of all known CVEs

Summary

In GitLab EE, a vulnerability was found that under certain conditions could allow a user to access sensitive information already committed to a project. The issue was due to insufficient output filtering in Duo Workflows.

Risk Assessment

The risk involves potential leakage of sensitive data such as passwords, API keys, or other secrets that were previously added to the project repository.

Recommendation

Immediately update GitLab EE to version 19.1.1 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

GitLab has remediated an issue in GitLab EE affecting all versions from 19.1 before 19.1.1 that under certain conditions could have allowed a user to access sensitive information that had already been committed to a project, due to insufficient output filtering in Duo Workflows.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS