Description
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to create unauthorized Jira subscriptions for a targeted user's namespace via a specially crafted link due to missing CSRF protection.
Published: 2026-05-14
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

GitLab has a missing CSRF protection that allows an unauthenticated attacker to craft a special link and trigger the creation of a Jira subscription on behalf of a targeted user's namespace. This flaw enables the addition of JIRA integrations without the owner’s consent, giving the attacker the ability to establish an unauthorized connection to the user’s JIRA environment.

Affected Systems

All GitLab Community and Enterprise Edition releases from 11.10 through 18.8, 18.9 up to but excluding 18.9.7, 18.10 up to 18.10.5, and 18.11 up to 18.11.2 are affected. The vulnerability is present in every build prior to the specified patched versions, regardless of downstream customizations.

Risk and Exploitability

The CVSS score of 6.5 indicates a moderate severity; no EPSS score is available and the flaw is not listed in CISA’s KEV catalog. Exploitation requires only that a victim click a malicious link, so the attack vector is web‑based and remote. The lack of physical or local privileges emphasizes the need for defensive measures, though the risk level remains moderate compared to higher‑severity threats.

Generated by OpenCVE AI on May 14, 2026 at 07:51 UTC.

Remediation

Vendor Solution

Upgrade to versions 18.9.7, 18.10.6, 18.11.3 or above.

OpenCVE Recommended Actions

  • Upgrade GitLab to version 18.9.7, 18.10.6, or 18.11.3 or later to receive the CSRF fix
  • Disable any existing Jira subscriptions in affected namespaces and recreate them only after confirming the update
  • Use network segmentation and enforce authentication on all GitLab interfaces to reduce the likelihood that a crafted link can reach the integration endpoints

Generated by OpenCVE AI on May 14, 2026 at 07:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 15 May 2026 20:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Thu, 14 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 14 May 2026 06:00:00 +0000

Type Values Removed Values Added
Description GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to create unauthorized Jira subscriptions for a targeted user's namespace via a specially crafted link due to missing CSRF protection.
Title Cross-Site Request Forgery (CSRF) in GitLab
First Time appeared Gitlab
Gitlab gitlab
Weaknesses CWE-352
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Vendors & Products Gitlab
Gitlab gitlab
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

Subscriptions

Gitlab Gitlab
cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2026-05-14T13:22:37.251Z

Reserved: 2026-03-20T20:33:50.858Z

Link: CVE-2026-4527

cve-icon Vulnrichment

Updated: 2026-05-14T13:22:32.475Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-14T06:16:23.810

Modified: 2026-05-15T19:56:04.503

Link: CVE-2026-4527

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-14T10:00:12Z

Weaknesses