Description
GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to access API tokens of self-hosted AI models due to improper access control.
Published: 2026-03-25
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthenticated access to API tokens of self-hosted AI models
Action: Patch Now
AI Analysis

Impact

GitLab Enterprise Edition contains an improper access control flaw that allows unauthenticated remote users to retrieve API tokens tied to self‑hosted AI models. The affected endpoint does not enforce authentication, enabling a malicious actor to read tokens that grant privileged interactions with the AI service. This flaw aligns with CWE‑306 and poses a risk of credential theft, potential data exfiltration, or unauthorized manipulation of the AI model's behavior.

Affected Systems

GitLab Enterprise Edition versions 18.5 through 18.8.6, all 18.9 releases prior to 18.9.3, and all 18.10 releases prior to 18.10.1 are vulnerable. Any installation of these versions that exposes the vulnerable API endpoint to the network is susceptible to exploitation.

Risk and Exploitability

The vulnerability has a CVSS score of 6.8, indicating moderate severity, and an EPSS score of less than 1 %, suggesting low current exploit probability. It is not listed in CISA's KEV catalog. Exploitation can occur over public or internal network connections that reach the GitLab instance; an unauthenticated HTTP request to the vulnerable API endpoint can reveal token values. Once obtained, the tokens can be used to perform privileged operations against the associated AI models, compromising confidentiality, integrity, or potentially enabling code execution depending on the model's capabilities.

Generated by OpenCVE AI on March 26, 2026 at 19:26 UTC.

Remediation

Vendor Solution

Upgrade to versions 18.8.7, 18.9.3, 18.10.1 or above.

OpenCVE Recommended Actions

  • Upgrade to GitLab EE 18.8.7, 18.9.3, 18.10.1 or a later release that includes the fix.

Generated by OpenCVE AI on March 26, 2026 at 19:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 26 Mar 2026 18:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:18.10.0:*:*:*:enterprise:*:*:*

Wed, 25 Mar 2026 16:45:00 +0000

Type Values Removed Values Added
Description GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to access API tokens of self-hosted AI models due to improper access control.
Title Missing Authentication for Critical Function in GitLab
First Time appeared Gitlab
Gitlab gitlab
Weaknesses CWE-306
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Vendors & Products Gitlab
Gitlab gitlab
References
Metrics cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N'}

Subscriptions

Gitlab Gitlab
cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2026-03-27T14:59:15.608Z

Reserved: 2026-01-30T21:03:56.298Z

Link: CVE-2026-1724

cve-icon Vulnrichment

Updated: 2026-03-27T14:59:12.102Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-25T17:16:29.943

Modified: 2026-03-26T18:23:30.973

Link: CVE-2026-1724

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:30:21Z

Weaknesses