7.5
CVE-2026-3988
gitlab · gitlab

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to cause a denial of service by making the GitLab instance unresponsive due to improper input validation in GraphQL request processing.

Affected Products

Vendor | Product | Versions
gitlab | gitlab | < 18.8.7, < 18.8.7, < 18.9.3, < 18.9.3

References

  • https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/ (Release Notes, Vendor Advisory)
  • https://gitlab.com/gitlab-org/gitlab/-/work_items/593140 (Broken Link)
  • https://hackerone.com/reports/3597342 (Permissions Required, Exploit)

Related News (2 articles)

Tier D · Heise Security · 4d ago
GitLab security updates: Attackers can add email addresses
→ No new info (linked only)
Tier B · CERT-FR · 5d ago
Multiple vulnerabilities in GitLab (25 March 2026)
→ No new info (linked only)
CVSS 3.1: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA KEV: ❌ No
Actively exploited: ❌ No
CWE: CWE-407
Published: 3/25/2026
Last enriched: 3d ago
Tags: multiple_vulnerabilities, file_manipulation, security_bypass, denial_of_service, information_disclosure, cross_site_scripting
Trending Score: 28
Source articles: 4
Independent: 4
Info Completeness: 8/14
Missing: epss, kev, exploit, patch, iocs, mitre_attack

Related CVEs (5)

CRITICAL · CVE-2026-2370 · EXP
Improper Handling of Parameters in GitLab
Trending: 59

HIGH · CVE-2026-2995
GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to add email addr
Trending: 23

MEDIUM · CVE-2026-2726
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to perform un
Trending: 11

MEDIUM · CVE-2026-1724
Missing Authentication for Critical Function in GitLab
Trending: 11

MEDIUM · CVE-2026-2973
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to execute arb
Trending: 11

Verification

State: verified
Confidence: 100%

Vulnerability Timeline

CVE Published: Mar 25, 2026
Patch Available: Mar 26, 2026
Discovered by ZDM: Mar 26, 2026