Zero Day MonitorZDM

← Back to list

4.3

CVE-2026-1752PATCHED

gitlab · gitlab

Incorrect Authorization in GitLab

Description

GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer-role permissions to modify protected environment settings due to improper authorization checks in the API.

Affected Products

Vendor	Product	Versions
gitlab	gitlab	11.3, 18.9, 18.10, 18.8.8, 18.9.4, 18.10.2

References

https://hackerone.com/reports/3533545(technical-description, exploit, permissions-required)
https://gitlab.com/gitlab-org/gitlab/-/work_items/588413
https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/

Related News (1 articles)

Tier C

VulDB2h ago

CVE-2026-1752 | GitLab Enterprise Edition up to 18.8.8/18.9.4/18.10.2 authorization

→ No new info (linked only)

CVSS 3.14.3 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA KEV❌ No

Actively exploited❌ No

Patch available

18.8.918.9.518.10.3

CWECWE-863

PublishedApr 8, 2026

Last enriched2h agov2

Trending Score27

Source articles1

Independent1

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-1516EXP

Improper Control of Generation of Code ('Code Injection') in GitLab

CRITICALCVE-2026-5173EXP

Exposed Dangerous Method or Function in GitLab

CRITICALCVE-2025-12664EXP

Improper Validation of Specified Quantity in Input in GitLab

HIGHCVE-2026-2104EXP

Authorization Bypass Through User-Controlled Key in GitLab

HIGHCVE-2025-9484

Missing Authorization in GitLab

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 8, 2026

Patch Available

Apr 8, 2026

Discovered by ZDM

Apr 8, 2026

Updated: affectedVersions, severity

Apr 9, 2026

Version History

v2

Last enriched 2h ago

v2Tier C2h ago

Updated affected versions to include 18.8.8, 18.9.4, and 18.10.2, changed severity to HIGH, and noted no exploit available.

affectedVersionsseverity

via VulDB

v13h ago

Initial creation