Description
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose confidential issue titles due to improper filtering under certain circumstances.
Published: 2026-03-11
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Patch Now
AI Analysis

Impact

GitLab has remediated an issue that could allow authenticated users to disclose confidential issue titles due to improper filtering. The vulnerability (CWE-212) enables an attacker to view sensitive issue titles and potentially infer confidential information, compromising the confidentiality of project data.

Affected Systems

The affected products are GitLab Community and Enterprise editions. All versions from 12.6 up to 18.7.5, 18.8.5, and 18.9.1 are vulnerable. The issue is fixed in GitLab 18.7.6, 18.8.6, 18.9.2 and later releases.

Risk and Exploitability

The CVSS score of 4.3 indicates a low‑to‑moderate severity, and the EPSS score of less than 1% suggests a low probability of exploitation. Because the flaw requires the attacker to be an authenticated user with access to the project, it is not a remote code execution flaw but still poses a confidentiality risk. It is not listed in the CISA KEV catalog.

Generated by OpenCVE AI on March 17, 2026 at 14:57 UTC.

Remediation

Vendor Solution

Upgrade to versions 18.7.6, 18.8.6, 18.9.2 or above.

OpenCVE Recommended Actions

  • Upgrade to GitLab 18.7.6, 18.8.6, 18.9.2 or newer
  • Verify that issue title visibility is confined to authorized users through configuration or testing

Generated by OpenCVE AI on March 17, 2026 at 14:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 13 Mar 2026 13:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Thu, 12 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 11 Mar 2026 16:00:00 +0000

Type Values Removed Values Added
Description GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose confidential issue titles due to improper filtering under certain circumstances.
Title Improper Removal of Sensitive Information Before Storage or Transfer in GitLab
First Time appeared Gitlab
Gitlab gitlab
Weaknesses CWE-212
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Vendors & Products Gitlab
Gitlab gitlab
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

Gitlab Gitlab
cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2026-03-12T16:12:20.254Z

Reserved: 2026-02-01T07:33:30.380Z

Link: CVE-2026-1732

cve-icon Vulnrichment

Updated: 2026-03-12T16:12:15.912Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-11T16:16:22.987

Modified: 2026-03-13T13:23:22.517

Link: CVE-2026-1732

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T09:55:28Z

Weaknesses