By vendor
Gitlab vulnerabilities
Known CVEs affecting Gitlab products, prioritized by severity, with SEC.co remediation and detection guidance.
1 published vulnerability
- CVE-2026-9807MEDIUM 4.3
GitLab has patched a flaw in its Community and Enterprise editions where a Project Access Token that was supposed to be blocked could still access private project resources. This happened because the authorization checks weren't applied correctly when a token was revoked or blocked. An authenticated user with permissions to create or manage tokens could potentially exploit this before the fix was released, though the vulnerability requires prior login access and the attacker would need knowledge of or ability to create a blocked token.