{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/cpes/cpe2.3agitlabgitlabcommunity/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":["cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","cpe:2.3:a:gitlab:gitlab:19.0.0:*:*:*:community:*:*:*","cpe:2.3:a:gitlab:gitlab:19.0.0:*:*:*:enterprise:*:*:*"],"_cs_cves":[{"cvss":6.5,"id":"CVE-2026-1402"},{"cvss":4.3,"id":"CVE-2026-2601"},{"id":"CVE-2026-2710"},{"cvss":8.2,"id":"CVE-2026-4868"},{"cvss":4.3,"id":"CVE-2026-8716"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["GitLab Community Edition (CE)","GitLab Enterprise Edition (EE)"],"_cs_severities":["medium"],"_cs_tags":["gitlab","vulnerability","denial-of-service","security-bypass","CVE-2026-1402","CVE-2026-2601","CVE-2026-2710","CVE-2026-4868","CVE-2026-5296","CVE-2026-6713","CVE-2026-8716"],"_cs_type":"advisory","_cs_vendors":["GitLab"],"content_html":"\u003cp\u003eMultiple vulnerabilities have been discovered in GitLab Community Edition (CE) and Enterprise Edition (EE). These flaws can be exploited by attackers to trigger a remote denial of service (DoS) condition and bypass security policies implemented within GitLab. The vulnerabilities affect GitLab CE/EE versions 18.11.x prior to 18.11.4, versions 19.x prior to 19.0.1, and all versions prior to 18.10.7. Successful exploitation could lead to unauthorized access or disruption of GitLab services. Remediation involves applying the patches provided in the GitLab security bulletin released on May 27, 2026. The specific vulnerabilities are tracked as CVE-2026-1402, CVE-2026-2601, CVE-2026-2710, CVE-2026-4868, CVE-2026-5296, CVE-2026-6713, and CVE-2026-8716. 
Defenders should prioritize patching vulnerable instances to mitigate potential risks.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a GitLab instance (CE or EE) running an unpatched version: any release prior to 18.10.7, 18.11.x prior to 18.11.4, or 19.x prior to 19.0.1.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request targeting an endpoint affected by one of the seven CVEs listed above (CVE-2026-1402, CVE-2026-2601, CVE-2026-2710, CVE-2026-4868, CVE-2026-5296, CVE-2026-6713, CVE-2026-8716).\u003c/li\u003e\n\u003cli\u003eDepending on the specific vulnerability, the request exploits a flaw in input validation, authentication, or authorization.\u003c/li\u003e\n\u003cli\u003eFor a DoS vulnerability, the specially crafted request consumes excessive server resources, denying service to legitimate users.\u003c/li\u003e\n\u003cli\u003eFor a security policy bypass, the attacker gains access to resources or functionality that GitLab\u0026rsquo;s policies should have restricted.\u003c/li\u003e\n\u003cli\u003eThe attacker may then leverage the bypassed policy to perform actions they are not authorized to do, such as modifying project settings or accessing sensitive data.\u003c/li\u003e\n\u003cli\u003eThe ultimate impact depends on the specific vulnerability and the attacker\u0026rsquo;s objectives, ranging from service disruption to exposure of the data the bypassed policy protected; this advisory attributes neither remote code execution nor privilege escalation to these CVEs.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities can lead to a denial of service, disrupting access to GitLab for legitimate users. 
A security policy bypass can lead to unauthorized access to sensitive data, modification of project settings, or other malicious activities, depending on the attacker\u0026rsquo;s objectives. The number of affected installations is potentially large, given the widespread use of GitLab across various industries and organizations.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately patch all GitLab CE and EE instances to 18.10.7, 18.11.4, or 19.0.1 (or later on the respective branch), as recommended in the \u003ca href=\"https://docs.gitlab.com/releases/patches/patch-release-gitlab-19-0-1-released/\"\u003eGitLab security bulletin\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eDeploy detection rules (for example Sigma rules) in your SIEM to flag exploitation attempts against these vulnerabilities.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests targeting GitLab endpoints (unusual parameters, repeated requests to a single endpoint, spikes in 5xx responses or response times) to identify exploitation attempts.\u003c/li\u003e\n\u003cli\u003eReview and enforce strict access control policies within GitLab, and audit project and group settings for unexpected changes, to minimize the potential impact of a security policy bypass.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-28T11:34:40Z","date_published":"2026-05-28T11:34:40Z","id":"https://feed.craftedsignal.io/briefs/2026-05-gitlab-vulns/","summary":"Multiple vulnerabilities in GitLab CE/EE allow attackers to cause remote denial of service and bypass security policies in versions 18.11.x before 18.11.4, 19.x before 19.0.1, and before 18.10.7; these vulnerabilities are tracked as CVE-2026-1402, CVE-2026-2601, CVE-2026-2710, CVE-2026-4868, CVE-2026-5296, CVE-2026-6713, and CVE-2026-8716.","title":"Multiple Vulnerabilities in GitLab Lead to DoS and Security Policy Bypass","url":"https://feed.craftedsignal.io/briefs/2026-05-gitlab-vulns/"}],"language":"en","title":"CraftedSignal Threat Feed — cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","version":"https://jsonfeed.org/version/1.1"}
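The affected and fixed version ranges from the Recommendation above, turned into a fleet triage script. This is an added example, not code from the feed or from GitLab. It assumes version strings of the shape GitLab reports from its /api/v4/version endpoint (for example "18.11.3-ee"), treats a pre-release build ("-rc1", "-pre") of a fixed version number as still affected (a conservative assumption), reports branches the advisory does not name as "not_in_advisory" rather than guessing, and uses a constructed sample inventory with made-up hostnames.

```python
"""Triage GitLab CE/EE version strings against the advisory's affected ranges.

Affected ranges taken from the advisory: all versions prior to 18.10.7,
18.11.x prior to 18.11.4, and 19.x prior to 19.0.1.
"""
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Branch (major, minor) -> first release on that branch that carries the fixes.
FIXED_BY_BRANCH: Dict[Tuple[int, int], Version] = {
    (18, 10): (18, 10, 7),
    (18, 11): (18, 11, 4),
    (19, 0): (19, 0, 1),
}
OLDEST_FIXED_BRANCH = (18, 10)

# Accepts "18.11.3-ee", "v19.0.1", "19.0.1-rc1", "18.10.7-ce.0" (omnibus-style package suffix).
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?\s*$")


@dataclass(frozen=True)
class Triage:
    raw: str
    status: str                # "vulnerable" | "patched" | "not_in_advisory" | "unparseable"
    upgrade_to: Optional[str]  # lowest fixed release on the instance's branch, if one exists


def parse_version(raw: str) -> Tuple[Version, bool]:
    """Return ((major, minor, patch), is_prerelease); raise ValueError for non-version strings."""
    m = _VERSION_RE.match(raw)
    if not m:
        raise ValueError(f"not a GitLab version string: {raw!r}")
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    suffix_tokens = (m.group(4) or "").lower().split(".")
    # "-ee"/"-ce" only mark the edition; "-rc1"/"-pre" mean the build predates that release.
    is_prerelease = any(t.startswith(("rc", "pre")) for t in suffix_tokens)
    return version, is_prerelease


def minimum_fixed(version: Version) -> Optional[Version]:
    """Lowest patched release for this version's branch, or None if the advisory does not cover it."""
    branch = (version[0], version[1])
    if branch in FIXED_BY_BRANCH:
        return FIXED_BY_BRANCH[branch]
    if branch < OLDEST_FIXED_BRANCH:
        # "all versions prior to 18.10.7": older branches have no fix of their own, move to 18.10.7.
        return FIXED_BY_BRANCH[OLDEST_FIXED_BRANCH]
    return None  # newer than 19.0, or a branch the advisory does not name


def triage(raw: str) -> Triage:
    """Classify one version string against the advisory."""
    try:
        version, is_prerelease = parse_version(raw)
    except ValueError:
        return Triage(raw, "unparseable", None)
    fixed = minimum_fixed(version)
    if fixed is None:
        return Triage(raw, "not_in_advisory", None)
    # Assumption: a pre-release build of the fixed version number is still treated as vulnerable.
    if version < fixed or (version == fixed and is_prerelease):
        return Triage(raw, "vulnerable", "%d.%d.%d" % fixed)
    return Triage(raw, "patched", None)


def triage_fleet(versions_by_host: Dict[str, str]) -> Dict[str, Triage]:
    """Triage a host -> version-string mapping, e.g. collected from each instance's /api/v4/version."""
    return {host: triage(v) for host, v in versions_by_host.items()}


if __name__ == "__main__":
    # Constructed sample inventory; the hostnames are made up.
    sample = {
        "git-a.example.internal": "18.11.3-ee",
        "git-b.example.internal": "19.0.0",
        "git-c.example.internal": "18.10.7",
        "git-d.example.internal": "17.9.2-ee",
        "git-e.example.internal": "19.0.1-rc1",
        "git-f.example.internal": "19.1.0",
        "git-g.example.internal": "n/a",
    }
    for host, result in sorted(triage_fleet(sample).items()):
        action = f" -> upgrade to {result.upgrade_to}" if result.upgrade_to else ""
        print(f"{host:26} {result.raw:12} {result.status}{action}")
```

Feed it the "version" field from each instance's /api/v4/version response (an authenticated call on most instances). Anything reported as "not_in_advisory" or "unparseable" is a gap in the inventory to resolve by hand, not a clean bill of health.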