LOW✓ PATCH🇵🇱 Wersja polska

CVE-2026-9694

CVSS 2.6v3.1pub. 2026-06-11

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions, could have allowed an unauthenticated user to impersonate the GitLab Support Bot and inject arbitrary content via a specially crafted Service Desk email reply due to improper neutralization in email template processing.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
  • GitLab

    APP
    Gitlab
    15.9.0 – 18.10.8 (bez)18.11.0 – 18.11.5 (bez)19.0.0 – 19.0.2 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
CI/CD
CWE
References

Related vulnerabilities

CVE-2023-7028CRITICAL10.0⚠ KEVPL ✓ten sam produkt

GitLab: Przejęcie konta przez reset hasła na niezweryfikowany e-mail

CVE-2021-22205CRITICAL10.0⚠ KEVten sam produkt

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properl...

CVE-2024-7102CRITICAL9.6PL ✓ten sam produkt

GitLab CE/EE: uruchomienie pipeline jako inny użytkownik (privilege escalation)

CVE-2024-9164CRITICAL9.6PL ✓ten sam produkt

GitLab EE: uruchamianie pipeline CI/CD na dowolnych gałęziach bez autoryzacji

CVE-2024-6678CRITICAL9.9PL ✓ten sam produkt

GitLab CE/EE — uruchomienie pipeline jako dowolny użytkownik (CWE-290)