PT-2026-40858 · Gitlab · Gitlab Ce/Ee

Published

2026-05-14

·

Updated

2026-05-18

·

CVE-2026-1322

CVSS v2.0

8.5

High

VectorAV:N/AC:L/Au:S/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 16.0 through 18.9.6 GitLab CE/EE versions 18.10 through 18.10.5 GitLab CE/EE versions 18.11 through 18.11.2
Description Improper authorization allows an authenticated user possessing a read api scoped OAuth application to create issues and add comments to issues within private projects.
Recommendations Update to version 18.9.7 Update to version 18.10.6 Update to version 18.11.3

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2026-07012
BIT-GITLAB-2026-1322
CVE-2026-1322

Affected Products

Gitlab Ce/Ee