CVE-2026-12053
Analyzed Analyzed - Analysis Complete

Insufficient Output Filtering in GitLab EE Duo Workflows

Vulnerability report for CVE-2026-12053, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-25

Last updated on: 2026-06-26

Assigner: GitLab Inc.

Description

GitLab has remediated an issue in GitLab EE affecting all versions from 19.1 before 19.1.1 that under certain conditions could have allowed a user to access sensitive information that had already been committed to a project, due to insufficient output filtering in Duo Workflows.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-25
Last Modified
2026-06-26
Generated
2026-07-15
AI Q&A
2026-06-25
EPSS Evaluated
2026-07-14
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
gitlab gitlab 19.1.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-532 The product writes sensitive information to a log file.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability in GitLab EE versions from 19.1 before 19.1.1 involves insufficient output filtering in Duo Workflows. Under certain conditions, this flaw could allow a user to access sensitive information that had already been committed to a project.

Impact Analysis

The vulnerability can lead to unauthorized access to sensitive information within a GitLab project. This means that users who should not have access might be able to view confidential data that was previously committed, potentially leading to data exposure.

Mitigation Strategies

To mitigate the vulnerability CVE-2026-12053 in GitLab EE, you should upgrade your GitLab Enterprise Edition to version 19.1.1 or later, as this version contains the fix for the issue.

Compliance Impact

The vulnerability in GitLab EE (CVE-2026-12053) could allow a user to access sensitive information that had already been committed to a project due to insufficient output filtering in Duo Workflows. This exposure of sensitive data could potentially impact compliance with data protection regulations such as GDPR and HIPAA, which require strict controls over access to and protection of sensitive information.

Organizations using affected versions of GitLab EE should consider this vulnerability a risk to confidentiality requirements mandated by these standards and take prompt action to upgrade to the fixed version (19.1.1) to maintain compliance.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-12053. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart