PT-2026-40867 · Gitlab · Gitlab Ce/Ee

Published

2026-05-14

·

Updated

2026-05-18

·

CVE-2026-4527

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 11.10 through 18.9.6 GitLab CE/EE versions 18.10 through 18.10.5 GitLab CE/EE versions 18.11 through 18.11.2
Description Missing Cross-Site Request Forgery (CSRF) protection—a flaw where an attacker tricks a victim into performing actions they did not intend—could allow an unauthenticated user to create unauthorized Jira subscriptions for a targeted user's namespace using a specially crafted link.
Recommendations Update to version 18.9.7 Update to version 18.10.6 Update to version 18.11.3

Exploit

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2026-07020
BIT-GITLAB-2026-4527
CVE-2026-4527

Affected Products

Gitlab Ce/Ee