GitLab

Multiple vulnerabilities in GitLab CE/EE allow attackers to cause remote denial of service and bypass security policies in versions 18.11.x before 18.11.4, 19.x before 19.0.1, and before 18.10.7; these vulnerabilities are tracked as CVE-2026-1402, CVE-2026-2601, CVE-2026-2710, CVE-2026-4868, CVE-2026-5296, CVE-2026-6713, and CVE-2026-8716.

The Red Canary Intelligence Insights report for May 2026 highlights the rise of ClearFake, ACR Stealer, and GraphRunner, with ClearFake using JavaScript injection to deliver malware like ACR Stealer, and GraphRunner being abused for reconnaissance and data exfiltration via the Microsoft Graph API.

Coder is vulnerable to a PKCS#7 signature bypass in Azure instance identity (CVE-2026-46354), allowing unauthenticated agent token theft via a forged vmId, enabling access to Git SSH private keys, OAuth access tokens, and workspace secrets.

Arcane's REST API lacks proper admin authorization checks on Git repository management endpoints, allowing any authenticated user to exfiltrate stored Git credentials and tamper with GitOps configurations by redirecting credential requests to an attacker-controlled host.

Hackers injected credential-stealing malware into newly published versions of the node-ipc npm package in a supply chain attack, collecting cloud credentials, SSH keys, CI/CD secrets, and other sensitive data, exfiltrating it through DNS TXT queries.

Multiple vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE) can allow an attacker to perform arbitrary code execution, compromise data confidentiality, perform server-side request forgery (SSRF), and other security breaches.

The @yoda.digital/gitlab-mcp-server's SSE transport lacks authentication and uses wildcard CORS, enabling unauthenticated attackers to execute arbitrary GitLab API calls using the operator's GitLab PAT, including destructive operations.