PT-2026-40877 · Gitlab · Gitlab Ce/Ee

Published

2026-05-14

·

Updated

2026-05-15

·

CVE-2026-7471

CVSS v3.1

3.5

Low

VectorAV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions GitLab EE versions 18.8 through 18.9.6 GitLab EE versions 18.10 through 18.10.5 GitLab EE versions 18.11 through 18.11.2
Description Improper validation allows an authenticated user who controls a virtual registry upstream to make requests to internal hosts.
Recommendations Update versions 18.8 through 18.9.6 to 18.9.7. Update versions 18.10 through 18.10.5 to 18.10.6. Update versions 18.11 through 18.11.2 to 18.11.3.

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BIT-GITLAB-2026-7471
CVE-2026-7471

Affected Products

Gitlab Ce/Ee