A vulnerability marked as critical has been reported in GitLab Community Edition and Enterprise Edition up to 18.8.8/18.9.4/18.10.2. It affects an unknown part of the component Websocket Connection Handler. The manipulation leads to an exposed dangerous routine. The vulnerability is identified as CVE-2026-5173. The attack can be initiated remotely.
| Vendor | Product | Versions |
|---|---|---|
| gitlab | gitlab | 16.9.6, 18.9, 18.10, 18.8.8, 18.9.4, 18.10.2 |
Updated severity to CRITICAL, added new affected versions, and corrected exploit availability status.
Initial creation