PT-2026-40879 · Gitlab · Gitlab Ce/Ee

Published

2026-05-14

·

Updated

2026-05-15

·

CVE-2026-8144

CVSS v3.1

4.3

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 15.1 through 18.9.6 GitLab CE/EE versions 18.10 through 18.10.5 GitLab CE/EE versions 18.11 through 18.11.2
Description An issue exists where an authenticated user with project membership can enumerate private group members. This occurs due to missing authorization checks.
Recommendations Update versions 15.1 through 18.9.6 to version 18.9.7. Update versions 18.10 through 18.10.5 to version 18.10.6. Update versions 18.11 through 18.11.2 to version 18.11.3.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BIT-GITLAB-2026-8144
CVE-2026-8144

Affected Products

Gitlab Ce/Ee