CVE Vulnerabilities

CVE-2026-11827

Insufficiently Protected Credentials

Published: Jul 08, 2026 | Modified: Jul 09, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
4.9 MODERATE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to obtain another users stored credentials due to improper authorization controls.

Weakness

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Affected Software

NameVendorStart VersionEnd Version
GitlabGitlab9.5.0 (including)18.11.7 (excluding)
GitlabGitlab19.0.0 (including)19.0.4 (excluding)
GitlabGitlab19.1.0 (including)19.1.2 (excluding)
GitlabUbuntuesm-apps-legacy/xenial*

Potential Mitigations

References