GitLab Security Updates: Attackers can add email addresses
The GitLab development platform is affected by several security vulnerabilities. Admins should update their installations to a current version.
GitLab Community Edition (CE) and Enterprise Edition (EE) are affected. Those who host GitLab instances themselves should install the available security patches promptly. Patched versions are reportedly already running on GitLab.com.
Multiple Attack Vectors
In a security advisory, the developers list the patched versions 18.10.1, 18.9.3, and 18.8.7. Earlier versions are susceptible to attack; in total, attackers can exploit twelve vulnerabilities. Four of these are rated "high" severity (CVE-2026-2370, CVE-2026-3857, CVE-2026-2995, CVE-2026-3988).
If attackers successfully exploit these vulnerabilities, they can, among other things, trigger denial-of-service (DoS) conditions or add email addresses to existing user accounts. The remaining vulnerabilities weaken authentication, among other things (e.g., CVE-2026-2726, rated "medium").
The vendor advises a swift update. So far, there are no reports of attackers already exploiting the vulnerabilities.
(des)