Description
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that could have allowed an authenticated user to cause denial of service on the CI/CD Catalog page due to improper sanitization.
Published: 2026-06-11
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

GitLab CE/EE does not properly sanitize content rendered on the CI/CD Catalog page, so an authenticated user can make that page fail to render. GitLab classifies the weakness as CWE-1021 (Improper Restriction of Rendered UI Layers or Frames); the CVSS vector records an availability impact only (A:L, with C:N and I:N), not disclosure or modification of data. The advisory describes the effect as denial of service on the catalog page itself and does not state that pipeline execution is affected, so the practical loss is the ability to browse and discover CI/CD components through the catalog until the instance is upgraded.

Affected Systems

All GitLab Community Edition and Enterprise Edition releases from 17.0 up to and including 18.10.7, from 18.11.0 up to and including 18.11.4, and from 19.0.0 up to and including 19.0.1 are affected. The fixed releases are 18.10.8, 18.11.5 and 19.0.2; releases before 17.0 are not listed as affected.
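As an added example (not GitLab's or OpenCVE's code), the following Python encodes the three affected ranges above so that the version an instance reports can be checked against them. The ranges come from the advisory text; the version-string format ("18.10.7-ee", or "18.10.7-ee.0" for an Omnibus package) and the shape of the GET /api/v4/version response are assumptions about GitLab's output, and the API body used at the bottom is constructed so the check runs offline.

```python
"""Check whether a GitLab version falls in the ranges this advisory lists.

Added example, not GitLab's or OpenCVE's code. The ranges are taken from the
advisory text: 17.0 <= v < 18.10.8, 18.11 <= v < 18.11.5 and 19.0 <= v < 19.0.2.
Version strings are assumed to look like the ones GitLab itself reports, for
example "18.10.7-ee" from GET /api/v4/version or "18.10.7-ee.0" from the
Omnibus package name.
"""
import json
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# (first affected release, first fixed release) for each affected release line.
AFFECTED_RANGES: Tuple[Tuple[Version, Version], ...] = (
    ((17, 0, 0), (18, 10, 8)),
    ((18, 11, 0), (18, 11, 5)),
    ((19, 0, 0), (19, 0, 2)),
)

_VERSION_RE = re.compile(
    r"^(\d+)\.(\d+)\.(\d+)"          # MAJOR.MINOR.PATCH
    r"(?:-(?:ce|ee)(?:\.\d+)?)?$"    # optional edition suffix and package iteration
)


def parse_version(version: str) -> Version:
    """Turn '18.10.7-ee' into (18, 10, 7); reject anything that is not a release string."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {version!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3))


def minimum_fixed_version(version: str) -> Optional[str]:
    """Return the first fixed release in the instance's line, or None if not affected.

    Tuple comparison gives the numeric ordering the ranges need, so 18.9.9 sorts
    below 18.10.8 (plain string comparison would get this wrong).
    """
    v = parse_version(version)
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= v < first_fixed:
            return ".".join(str(n) for n in first_fixed)
    return None


def is_affected(version: str) -> bool:
    """True when the version lies in one of the advisory's affected ranges."""
    return minimum_fixed_version(version) is not None


def version_from_api_response(body: str) -> str:
    """Extract the version from the JSON body of GET /api/v4/version.

    The endpoint returns {"version": "18.10.7-ee", "revision": "..."} to an
    authenticated caller (assumed shape); the body is passed in so the check
    does not need network access.
    """
    return json.loads(body)["version"]


if __name__ == "__main__":
    # Constructed API response, not taken from a real instance.
    body = '{"version": "18.10.7-ee", "revision": "0123456789a"}'
    v = version_from_api_response(body)
    fix = minimum_fixed_version(v)
    print(f"{v}: {'affected, upgrade to ' + fix if fix else 'not affected'}")
```

The comparison is done on integer tuples rather than strings on purpose: 18.9.x must sort below 18.10.8, and 18.10.9 or 18.11.6 must come out as not affected even though neither appears literally in the advisory.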

Risk and Exploitability

The CVSS 3.1 base score is 4.3 (Medium), vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L: reachable over the network with low attack complexity, requiring only a low-privileged authenticated account and no user interaction, with a low availability impact and no confidentiality or integrity impact. EPSS is below 1% (very low), the CVE is not in CISA's KEV catalog, and the SSVC assessment records exploitation "none", not automatable, technical impact "partial". Because authentication is required, exposure is bounded by who can hold an account on the instance; on instances with open sign-up that bound is weak, but even then the impact is limited to availability of the catalog page.

Generated by OpenCVE AI on June 11, 2026 at 12:25 UTC.

Remediation

Vendor Solution

Upgrade to 18.10.8, 18.11.5 or 19.0.2, or a later release.


OpenCVE Recommended Actions

  • Upgrade GitLab to 18.10.8, 18.11.5 or 19.0.2, or a later release in the same line; this is the only fix the vendor describes.
  • If the upgrade cannot be applied immediately, reduce who can trigger the issue: the flaw requires an authenticated account (PR:L), so disabling open sign-up and reviewing who holds accounts on the instance limits exposure. The advisory does not document a setting that turns the CI/CD Catalog page off, so treat any access restriction as an interim measure rather than a fix.
  • Monitor the application request log (production_json.log) and exceptions_json.log for repeated 5xx responses or rendering errors on the catalog page, so that a newly broken page is noticed before users report it.
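The monitoring step above, as an added example that is not part of the original page or of GitLab's code: a small scanner over GitLab's production_json.log that counts 5xx responses on the catalog page, groups them by requesting user and flags bursts inside a short window. It assumes the one-JSON-object-per-line format of production_json.log with "time", "path", "status", "user_id" and "username" fields, and that the catalog page lives under /explore/catalog (change CATALOG_PATH_PREFIX if your instance differs). The log lines embedded in the block are constructed for the example.

```python
"""Spot repeated failures of the CI/CD Catalog page in GitLab's production_json.log.

Added example, not GitLab's or OpenCVE's code. Assumes the request-log format
of production_json.log (one JSON object per line with "time", "path", "status",
"user_id" and "username") and that the catalog page is served under
/explore/catalog. The sample log below is constructed for this example.
"""
import json
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from typing import Dict, Iterable, List

CATALOG_PATH_PREFIX = "/explore/catalog"  # assumed location of the CI/CD Catalog page

# Constructed sample: three rapid 500s for one user, a failing catalog subpage,
# a failure seen by a second viewer, an unrelated 500 on another path, a later
# 500 outside the burst window, and one malformed line that must be skipped.
SAMPLE_LOG = """\
{"time":"2026-06-11T12:20:01.000Z","method":"GET","path":"/explore/catalog","status":200,"user_id":7,"username":"alice","remote_ip":"10.0.0.7"}
{"time":"2026-06-11T12:21:10.000Z","method":"GET","path":"/explore/catalog","status":500,"user_id":42,"username":"mallory","remote_ip":"10.0.0.42"}
{"time":"2026-06-11T12:21:12.000Z","method":"GET","path":"/explore/catalog","status":500,"user_id":42,"username":"mallory","remote_ip":"10.0.0.42"}
{"time":"2026-06-11T12:21:15.000Z","method":"GET","path":"/explore/catalog/mallory/component","status":500,"user_id":42,"username":"mallory","remote_ip":"10.0.0.42"}
{"time":"2026-06-11T12:22:00.000Z","method":"GET","path":"/explore/catalog","status":500,"user_id":7,"username":"alice","remote_ip":"10.0.0.7"}
{"time":"2026-06-11T12:22:05.000Z","method":"GET","path":"/projects/new","status":500,"user_id":9,"username":"bob","remote_ip":"10.0.0.9"}
this line is not JSON and should be skipped
{"time":"2026-06-11T12:40:00.000Z","method":"GET","path":"/explore/catalog","status":500,"user_id":42,"username":"mallory","remote_ip":"10.0.0.42"}
"""


def parse_log(text: str) -> List[dict]:
    """Parse JSON lines, dropping lines that are not well-formed request records."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            continue  # rotated/partial lines must not abort the scan
        if isinstance(obj, dict) and all(k in obj for k in ("time", "path", "status")):
            entries.append(obj)
    return entries


def _is_catalog_failure(entry: dict) -> bool:
    """A 5xx response for the catalog page or one of its subpages."""
    return str(entry["path"]).startswith(CATALOG_PATH_PREFIX) and 500 <= int(entry["status"]) <= 599


def _parse_time(stamp: str) -> datetime:
    # production_json.log timestamps look like 2026-06-11T12:21:10.000Z (assumed).
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S.%fZ")


def failing_catalog_paths(entries: Iterable[dict]) -> Counter:
    """Count 5xx responses per catalog path; a failing subpage points at the offending item."""
    return Counter(e["path"] for e in entries if _is_catalog_failure(e))


def burst_failures(entries: Iterable[dict], window: timedelta = timedelta(minutes=5),
                   threshold: int = 3) -> Dict[str, int]:
    """Users who saw at least `threshold` catalog 5xx responses inside any span of `window`.

    Returns {username: largest burst size}. A sliding window over each user's
    sorted timestamps keeps the check linear in the number of failures.
    """
    per_user: Dict[str, List[datetime]] = defaultdict(list)
    for e in entries:
        if _is_catalog_failure(e):
            who = str(e.get("username") or e.get("user_id"))
            per_user[who].append(_parse_time(e["time"]))
    flagged: Dict[str, int] = {}
    for user, times in per_user.items():
        times.sort()
        start, best = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[user] = best
    return flagged


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print("failing catalog paths:", dict(failing_catalog_paths(entries)))
    print("users with failure bursts:", burst_failures(entries))
```

Two caveats when reading the output. The user who receives the 500s is a viewer and not necessarily the person who planted the content, since a page that fails to render fails for everyone who opens it; the failing subpage path, together with the stack trace GitLab writes to exceptions_json.log for the same correlation_id, is what points at the catalog item to remove. And the threshold is deliberately low for the sample; on a busy instance, set it from a baseline of normal 5xx rates on the path before alerting.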



Advisories

No advisories yet.

History

Thu, 11 Jun 2026 13:30:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 11 Jun 2026 11:30:00 +0000

Values Added on first appearance (nothing removed):
  • Description: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that could have allowed an authenticated user to cause denial of service on the CI/CD Catalog page due to improper sanitization.
  • Title: Improper Restriction of Rendered UI Layers or Frames in GitLab
  • First Time appeared: Gitlab; Gitlab gitlab
  • Weaknesses: CWE-1021
  • CPEs: cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
  • Vendors & Products: Gitlab; Gitlab gitlab
  • References: (none listed)
  • Metrics: cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2026-06-11T12:40:20.729Z

Reserved: 2026-06-03T12:34:00.436Z

Link: CVE-2026-10733

Vulnrichment

Updated: 2026-06-11T12:40:17.263Z

NVD

Status: Received

Published: 2026-06-11T12:16:30.950

Modified: 2026-06-11T12:16:30.950

Link: CVE-2026-10733

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-11T13:30:14Z

Weaknesses
  • CWE-1021

    Improper Restriction of Rendered UI Layers or Frames