CVE-2026-2238
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk14th percentile — higher than 14% of all known CVEs
Summary
A vulnerability in GitLab CE/EE allowed an unauthenticated user to view confidential issue references in public projects under certain conditions due to improper authorization checks. Affected versions: 17.5 to 18.11.6, 19.0 to 19.0.3, and 19.1 to 19.1.1.
Risk Assessment
The risk is the potential disclosure of confidential issue references (e.g., numbers or titles) to unauthorized users, compromising data confidentiality in public projects.
Recommendation
Immediately upgrade GitLab CE/EE to version 18.11.6, 19.0.3, or 19.1.1 (or later) depending on your branch.
Original NVD description (English source)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an unauthenticated user to view confidential issue references on public projects due to improper authorization checks.

