PT-2026-40862 · Gitlab · Gitlab Ce/Ee

Published

2026-05-14

·

Updated

2026-05-18

·

CVE-2026-3074

CVSS v3.1

4.3

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 16.7 through 18.9.6 GitLab CE/EE versions 18.10 through 18.10.5 GitLab CE/EE versions 18.11 through 18.11.2
Description Improper access control allows an unauthenticated user to download private debugging symbols from projects they cannot access.
Recommendations Update versions 16.7 through 18.9.6 to 18.9.7. Update versions 18.10 through 18.10.5 to 18.10.6. Update versions 18.11 through 18.11.2 to 18.11.3.

Exploit

Fix

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2026-07016
BIT-GITLAB-2026-3074
CVE-2026-3074

Affected Products

Gitlab Ce/Ee