CVE-2026-3073
Analyzed
Analyzed - Analysis Complete
BaseFortify
Publication date: 2026-05-14
Last updated on: 2026-05-16
Assigner: GitLab Inc.
Description
Description
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.6 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to bypass PyPI package protection rules and upload restricted packages due to improper authorization checks.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gitlab | gitlab | From 17.6.0 (inc) to 18.9.7 (exc) |
| gitlab | gitlab | From 18.10.0 (inc) to 18.10.6 (exc) |
| gitlab | gitlab | From 18.11.0 (inc) to 18.11.3 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
Attack-Flow Graph
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70