In Sonatype Nexus Repository versions 3.22.1 through 3.90.2 critical severity vulnerability CVE-2026-3199 was detected. This vulnerability allows authenticated attackers with task creation permissions to execute arbitrary code by bypassing the nexus.scripts.allowCreation security control via task property injection. To address this issue users must upgrade to 3.91.0 version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-3199.
Read more Developer ToolsIn GitLab CE/EE versions 12.10 up to before 18.8.9, 18.9 up to before 18.9.5, and 18.10 up to before 18.10.3 a high severity vulnerability CVE-2026-1092 was detected. This vulnerability allows unauthenticated users to cause denial of service (DoS) due to improper input validation of JSON payloads. To address this issue, users should upgrade GitLab CE/EE to versions 18.8.9, 18.9.5, or 18.10.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1092.
Read more Developer ToolsIn GitLab CE/EE versions 13.0 up to before 18.8.9, 18.9 up to before 18.9.5, and 18.10 up to before 18.10.3 a high severity vulnerability CVE-2025-12664 was detected. This vulnerability allows unauthenticated users to cause denial of service (DoS) by sending repeated GraphQL queries due to improper input validation and request handling. To address this issue, users should upgrade GitLab CE/EE to versions 18.8.9, 18.9.5, or 18.10.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12664.
Read more Developer ToolsIn GitLab EE versions 16.6 up to before 18.8.9, 18.9 up to before 18.9.5, and 18.10 up to before 18.10.3 a medium severity vulnerability CVE-2025-9484 was detected. This vulnerability allows authenticated users to access other users’ email addresses via certain GraphQL queries due to missing authorization checks. To address this issue, users should upgrade GitLab EE to versions 18.8.9, 18.9.5, or 18.10.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9484.
Read more Developer ToolsIn GitLab EE versions 18.0.0 up to before 18.8.9, 18.9 up to before 18.9.5, and 18.10 up to before 18.10.3 a medium severity vulnerability CVE-2026-1516 was detected. This vulnerability allows authenticated users to leak IP addresses of other users viewing Code Quality reports via specially crafted report content due to improper handling of generated code. To address this issue, users should upgrade GitLab EE to versions 18.8.9, 18.9.5, or 18.10.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1516.
Read more Developer ToolsIn GitLab EE versions 18.2 up to before 18.8.9, 18.9 up to before 18.9.5, and 18.10 up to before 18.10.3 a medium severity vulnerability CVE-2026-1101 was detected. This vulnerability allows authenticated users to cause denial of service (DoS) to the GitLab instance due to improper input validation in GraphQL queries. To address this issue, users should upgrade GitLab EE to versions 18.8.9, 18.9.5, or 18.10.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1101.
Read more Developer ToolsIn GitLab CE/EE versions 18.2 up to before 18.8.9, 18.9 up to before 18.9.5, and 18.10 up to before 18.10.3 a low severity vulnerability CVE-2026-4916 was detected. This vulnerability allows authenticated users with custom role permissions to demote or remove higher-privileged group members due to improper authorization checks on member management operations. To address this issue, users should upgrade GitLab CE/EE to versions 18.8.9, 18.9.5, or 18.10.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-4916.
Read more Developer Toolsp>In GitLab EE versions 18.2 up to before 18.8.9, 18.9 up to before 18.9.5, and 18.10 up to before 18.10.3 a medium severity vulnerability CVE-2026-4332 was detected. This vulnerability allows authenticated users to execute arbitrary JavaScript in other users’ browsers via customizable analytics dashboards due to improper input sanitization. To address this issue, users should upgrade GitLab to versions EE 18.8.9, 18.9.5, or 18.10.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-4332.
Read more Developer ToolsIn GitLab EE versions 18.6 up to before 18.8.9, 18.9 up to before 18.9.5, and 18.10 up to before 18.10.3 a medium severity vulnerability CVE-2026-2619 was detected. This vulnerability allows authenticated users with auditor privileges to modify vulnerability flag data in private projects due to incorrect authorization under certain conditions. To address this issue, users should upgrade GitLab EE to versions 18.8.9, 18.9.5, or 18.10.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-2619.
Read more Developer Tools