PT-2026-27809 · Gitlab · Gitlab Ce/Ee
Published: 2026-03-25 · Updated: 2026-03-27
CVE-2026-1724
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
GitLab EE versions 18.5 through 18.8.6
GitLab EE versions 18.9 through 18.9.2
GitLab EE versions 18.10 through 18.10.0
Description
An improper access control issue existed in GitLab EE that allowed an unauthenticated user to access API tokens of self-hosted AI models. The issue affected the access control mechanisms related to AI model API tokens.
Recommendations
Update GitLab EE to version 18.8.7 or later.
Update GitLab EE to version 18.9.3 or later.
Update GitLab EE to version 18.10.1 or later.
Exploit
Fix
Missing Authentication
Affected Products
Gitlab Ce/Ee