CVE-2026-11827
Received Received - Intake

GitLab EE Credential Exposure via Improper Authorization

Vulnerability report for CVE-2026-11827, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-08

Last updated on: 2026-07-08

Assigner: GitLab Inc.

Description

GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to obtain another user's stored credentials due to improper authorization controls.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-08
Last Modified
2026-07-08
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
gitlab gitlab_ee From 9.5 (inc) to 18.11.7 (exc)
gitlab gitlab_ee From 19.0 (inc) to 19.0.4 (exc)
gitlab gitlab_ee From 19.1 (inc) to 19.1.2 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-522 The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability in GitLab EE affects versions from 9.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2. Under certain conditions, it could allow an authenticated user with maintainer-role permissions to access another user's stored credentials due to improper authorization controls.

Compliance Impact

This vulnerability could allow an authenticated user with maintainer-role permissions to obtain another user's stored credentials due to improper authorization controls.

Such unauthorized access to stored credentials may lead to violations of data protection regulations like GDPR and HIPAA, which require strict controls over access to personal and sensitive information.

Therefore, this vulnerability potentially impacts compliance by exposing sensitive user credential data to unauthorized parties within the system.

Mitigation Strategies

To mitigate this vulnerability, update GitLab EE to a fixed version. Specifically, upgrade to version 18.11.7 or later if you are using the 18.11 series, 19.0.4 or later if using the 19.0 series, or 19.1.2 or later if using the 19.1 series.

This vulnerability affects versions from 9.5 before the fixed versions mentioned above and could allow an authenticated maintainer to access another user's stored credentials due to improper authorization controls.

Impact Analysis

The vulnerability could lead to unauthorized disclosure of stored credentials by a maintainer-role user, potentially compromising user accounts and sensitive information. This could result in unauthorized access to resources or data within the GitLab environment.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-11827. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart