PT-2026-24702 · Gitlab+2 · Gitlab

Shells3C

Published

2026-03-11

Updated

2026-03-15

CVE-2026-3848

CVSS v3.1

5.0

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 8.11 through 18.7.5 GitLab CE/EE versions 18.8 through 18.8.5 GitLab CE/EE versions 18.9 through 18.9.1

Description An issue in GitLab CE/EE could allow an authenticated user to make unintended internal requests through proxy environments. This is due to improper input validation within the import functionality.

Recommendations GitLab versions prior to 18.7.6 should be updated. GitLab versions prior to 18.8.6 should be updated. GitLab versions prior to 18.9.2 should be updated.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-93

Related Identifiers

BIT-GITLAB-2026-3848

CVE-2026-3848

Affected Products

Gitlab

PT-2026-24702 · Gitlab+2 · Gitlab

CVE-2026-3848

Weakness Enumeration

Related Identifiers

Affected Products

References · 9