<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Gitlab — CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/tags/gitlab/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata — refreshed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Mon, 30 Mar 2026 00:16:01 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/tags/gitlab/feed.xml" rel="self" type="application/rss+xml"/><item><title>GitLab Jira Connect Authentication Bypass Vulnerability (CVE-2026-2370)</title><link>https://feed.craftedsignal.io/briefs/2026-03-gitlab-jira-connect-auth-bypass/</link><pubDate>Mon, 30 Mar 2026 00:16:01 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-03-gitlab-jira-connect-auth-bypass/</guid><description>GitLab CE/EE versions 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 are vulnerable to improper authorization checks in Jira Connect installations, allowing an authenticated user with minimal workspace permissions to obtain installation credentials and impersonate the GitLab application.</description><content:encoded>&lt;p>GitLab has addressed a critical vulnerability, CVE-2026-2370, affecting GitLab CE/EE installations with Jira Connect enabled. This vulnerability impacts versions 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1. The vulnerability stems from improper authorization checks, which enable an authenticated user with minimal workspace permissions within Jira to potentially obtain GitLab installation credentials. This, in turn, allows the attacker to impersonate the GitLab application…&lt;/p>
</content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>gitlab</category><category>jira</category><category>authentication</category><category>authorization</category><category>cve-2026-2370</category></item><item><title>GitLab Improper HTML Sanitization Vulnerability (CVE-2026-2995)</title><link>https://feed.craftedsignal.io/briefs/2026-03-gitlab-cve-2026-2995/</link><pubDate>Thu, 26 Mar 2026 12:00:00 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-03-gitlab-cve-2026-2995/</guid><description>CVE-2026-2995 is a vulnerability in GitLab EE versions 15.4 to 18.10.1 where an authenticated user can add email addresses to other user accounts due to improper HTML sanitization, potentially leading to account takeover or information disclosure.</description><content:encoded>&lt;p>GitLab has addressed CVE-2026-2995, a vulnerability affecting GitLab Enterprise Edition. The flaw resides in versions 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1. An authenticated attacker could exploit this vulnerability to inject arbitrary HTML content into user profiles, specifically targeting the addition of unauthorized email addresses. This is due to improper sanitization of HTML within GitLab&amp;rsquo;s user profile management features. Successful exploitation can lead to…&lt;/p>
</content:encoded><category domain="severity">medium</category><category domain="type">advisory</category><category>gitlab</category><category>html-injection</category><category>cve-2026-2995</category></item><item><title>GitLab GraphQL Denial of Service Vulnerability (CVE-2026-3988)</title><link>https://feed.craftedsignal.io/briefs/2026-03-gitlab-graphql-dos/</link><pubDate>Thu, 26 Mar 2026 12:00:00 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-03-gitlab-graphql-dos/</guid><description>CVE-2026-3988 is a denial of service vulnerability in GitLab CE/EE allowing unauthenticated users to crash instances by sending malformed GraphQL requests, affecting versions 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1.</description><content:encoded>&lt;p>CVE-2026-3988 is a denial-of-service (DoS) vulnerability affecting GitLab CE/EE. The vulnerability resides in the processing of GraphQL requests and stems from improper input validation. An unauthenticated attacker can exploit this flaw by sending specially crafted GraphQL requests, causing the GitLab instance to become unresponsive, effectively denying service to legitimate users. The affected versions include all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1…&lt;/p>
</content:encoded><category domain="severity">medium</category><category domain="type">advisory</category><category>denial-of-service</category><category>graphql</category><category>gitlab</category><category>cve-2026-3988</category></item><item><title>GitLab GraphQL CSRF Vulnerability (CVE-2026-3857)</title><link>https://feed.craftedsignal.io/briefs/2026-03-gitlab-csrf/</link><pubDate>Thu, 26 Mar 2026 12:00:00 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-03-gitlab-csrf/</guid><description>CVE-2026-3857 describes a vulnerability in GitLab CE/EE versions 17.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1, where an unauthenticated user can execute arbitrary GraphQL mutations on behalf of authenticated users due to insufficient CSRF protection, potentially leading to data modification or privilege escalation.</description><content:encoded>&lt;p>GitLab has addressed a critical security flaw, identified as CVE-2026-3857, within its Community Edition (CE) and Enterprise Edition (EE). This vulnerability impacts GitLab instances running versions 17.10 up to, but not including, 18.8.7, versions 18.9 before 18.9.3, and versions 18.10 before 18.10.1. The core issue lies in insufficient Cross-Site Request Forgery (CSRF) protection when handling GraphQL mutations. An unauthenticated attacker could exploit this by crafting malicious web pages…&lt;/p>
</content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>gitlab</category><category>csrf</category><category>cve-2026-3857</category><category>graphql</category></item></channel></rss>