In GitLab CE/EE versions 18.2 up to before 18.8.9, 18.9 up to before 18.9.5, and 18.10 up to before 18.10.3 a medium severity vulnerability CVE-2026-2104 was detected. This vulnerability allows authenticated users to access confidential issues assigned to other users via CSV export due to insufficient authorization checks. To address this issue, users should upgrade GitLab CE/EE to versions 18.8.9, 18.9.5, or 18.10.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-2104.
Read more Developer ToolsIn GitLab EE versions 11.3 up to before 18.8.9, 18.9 up to before 18.9.5, and 18.10 up to before 18.10.3 a medium severity vulnerability CVE-2026-1752 was detected. This vulnerability allows authenticated users with developer-role permissions to modify protected environment settings due to improper authorization checks in the API. To address this issue, users should upgrade GitLab EE to versions 18.8.9, 18.9.5, or 18.10.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1752.
Read more Developer ToolsIn GitLab CE/EE versions 16.9.6 up to before 18.8.9, 18.9 up to before 18.9.5, and 18.10 up to before 18.10.3 a high severity vulnerability CVE-2026-5173 was detected. This vulnerability allows authenticated users to invoke unintended server-side methods through WebSocket connections due to improper access control. To address this issue, users should upgrade GitLab CE/EE to versions 18.8.9, 18.9.5, or 18.10.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-5173.
Read more Developer ToolsIn Gitlab versions all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 a high severity vulnerability CVE-2026-2370 was detected. An improper authorization check in Jira Connect installations could allow an authenticated user with minimal workspace permissions to obtain installation credentials and impersonate the application. To address this issue, users should update Gitlab to versions 18.8.7, 18.9.3, and 18.10.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-2370.
Read more Developer ToolsIn Jenkins versions 2.442 through 2.554 and LTS versions 2.426.3 through 2.541.2 a high severity vulnerability CVE-2026-33002 was detected. This vulnerability allows attackers to bypass origin validation on the CLI WebSocket endpoint by exploiting DNS rebinding, due to origin checks relying on the Host or X-Forwarded-Host HTTP headers. To address this issue, users should upgrade Jenkins to versions beyond 2.554 or beyond LTS 2.541.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-33002.
Read more Developer ToolsIn Jenkins versions 2.554 and earlier, and LTS versions 2.541.2 and earlier a high severity vulnerability CVE-2026-33001 was detected. This vulnerability allows attackers with Item/Configure permissions to write arbitrary files on the filesystem by exploiting unsafe symbolic link handling during the extraction of .tar and .tar.gz archives. To address this issue, users should upgrade Jenkins to versions beyond 2.555 or beyond LTS 2.541.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-33001.
Read more Developer ToolsIn ZITADEL versions 4.0.0-rc.1 to 4.7.0 a critical severity vulnerability CVE-2026-29067 was detected. This vulnerability allows attackers to manipulate the Forwarded or X-Forwarded-Host header used in the password reset mechanism of Login V2, potentially constructing malicious password reset URLs that could lead to account takeover. To address this issue, users should upgrade ZITADEL to version 4.7.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-29067.
Read more Developer ToolsIn ZITADEL versions 4.0.0 to 4.12.0 a high severity vulnerability CVE-2026-29193 was detected. This vulnerability allows attackers to bypass login behavior and security policies in the Login V2 UI, enabling self-registration of new accounts or signing in with a password even if these options were disabled in their organization. To address this issue, users should upgrade ZITADEL to version 4.12.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-29193.
Read more Developer ToolsIn ZITADEL versions 4.0.0 to 4.11.1 a high severity vulnerability CVE-2026-29192 was detected. This vulnerability allows attackers to perform a stored cross-site scripting (XSS) attack via the Default URI Redirect in the Login V2 interface, potentially leading to account takeover. To address this issue, users should upgrade ZITADEL to version 4.12.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-29192.
Read more Developer Tools