Description
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to read arbitrary files from the Gitaly server and access internal network resources during repository import, due to insufficient validation of secondary URLs.
Published: 2026-06-11
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

GitLab's repository import accepts, in addition to the primary repository URL, secondary URLs that Gitaly fetches on the server side. Because those secondary URLs were not sufficiently validated, an authenticated user could direct the fetch at resources it should never reach: files on the Gitaly server itself and services on the internal network that the Gitaly host can contact. This is a classic server-side request forgery (CWE-918); the server makes the request, so the attacker's lack of network access to those resources is irrelevant. The flaw can be used to exfiltrate confidential data from the Gitaly server and to discover or probe other hosts on the internal network.

Affected Systems

GitLab Community Edition and Enterprise Edition are affected in all releases from 18.10 before 18.10.8, from 18.11 before 18.11.5, and from 19.0 before 19.0.2.

Risk and Exploitability

The CVSS 3.1 base score is 5.3 (Medium), vector AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N: the flaw is reachable over the network, but attack complexity is high and low privileges (an authenticated account) are required, and the impact is confined to confidentiality. The EPSS probability is below 1%, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires a valid authenticated session and is triggered through repository import, so exposure is limited to accounts permitted to import repositories on instances where import from external URLs is enabled. A successful attacker reads files from the Gitaly server and probes the internal network from the Gitaly host's position, so the practical risk depends on what that host can reach.

Generated by OpenCVE AI on June 11, 2026 at 12:24 UTC.

Remediation

Vendor Solution

Upgrade to 18.10.8, 18.11.5, 19.0.2 or a later release.

OpenCVE Recommended Actions

  • Upgrade GitLab to 18.10.8, 18.11.5, 19.0.2 or later, as released by the vendor.
  • If an upgrade cannot be performed immediately, disable repository import from URLs (import sources are configured by an administrator in the instance settings) until the patch is applied.
  • Limit the accounts allowed to import repositories to trusted users, and apply egress filtering on the Gitaly hosts so that a server-side request originating there cannot reach internal services the importer has no business contacting (internal APIs, cloud metadata endpoints, management interfaces). The request is made by Gitaly, so restricting what Gitaly can reach matters more than where Gitaly itself is exposed.
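The real fix is the vendor upgrade above. The following is an added illustration of the control the recommended actions describe, written for this page and not taken from GitLab or Gitaly: a Go validator (Gitaly is written in Go) that an importer would run over every URL it is about to fetch, including redirect targets, which is exactly the "secondary URL" case this advisory is about. Only http and https pass, the host is resolved once, every returned address is checked against loopback, private, link-local and multicast ranges (IPv4-mapped IPv6 literals included), and the vetted addresses are returned so the caller can connect to them instead of re-resolving the name. The hostnames, addresses and resolver table are constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/url"
	"strings"
)

// Resolver lets callers (and tests) inject name resolution so the check runs offline.
type Resolver func(host string) ([]net.IP, error)

// blockedRanges lists address space an import fetch should never reach.
var blockedRanges = mustCIDRs(
	"0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
	"172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
	"::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)

func mustCIDRs(cidrs ...string) []*net.IPNet {
	out := make([]*net.IPNet, 0, len(cidrs))
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			panic(err)
		}
		out = append(out, n)
	}
	return out
}

// ipAllowed reports whether a single resolved address is safe to contact.
func ipAllowed(ip net.IP) bool {
	// Normalise IPv4-mapped IPv6 (::ffff:127.0.0.1) back to 4 bytes so the v4 ranges match.
	if v4 := ip.To4(); v4 != nil {
		ip = v4
	}
	for _, n := range blockedRanges {
		if n.Contains(ip) {
			return false
		}
	}
	return true
}

// ValidateImportURL checks one URL an importer is about to fetch and returns the
// vetted addresses. Callers should connect to one of the returned IPs rather than
// re-resolving the hostname; a DNS answer that changes between check and use
// (rebinding) would otherwise defeat the check.
func ValidateImportURL(raw string, resolve Resolver) ([]net.IP, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, fmt.Errorf("unparseable url: %w", err)
	}
	switch strings.ToLower(u.Scheme) {
	case "http", "https":
	default:
		// file://, git://, gopher:// and friends are what turn a fetch into a
		// local file read or an arbitrary-protocol request; refuse them outright.
		return nil, fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	host := u.Hostname()
	if host == "" {
		return nil, errors.New("empty host")
	}
	var ips []net.IP
	if ip := net.ParseIP(host); ip != nil {
		ips = []net.IP{ip} // literal address: no DNS involved
	} else {
		ips, err = resolve(host)
		if err != nil || len(ips) == 0 {
			return nil, fmt.Errorf("cannot resolve %q: %v", host, err)
		}
	}
	// Every answer must be acceptable; one internal record mixed in with public ones is a classic bypass.
	for _, ip := range ips {
		if !ipAllowed(ip) {
			return nil, fmt.Errorf("host %q resolves to blocked address %s", host, ip)
		}
	}
	return ips, nil
}

// NewImportClient re-validates every redirect hop: a URL reached via a 302 is just
// as dangerous as the one the user typed, and is easy to forget.
func NewImportClient(resolve Resolver) *http.Client {
	return &http.Client{
		CheckRedirect: func(req *http.Request, via []*http.Request) error {
			if len(via) >= 5 {
				return errors.New("too many redirects")
			}
			_, err := ValidateImportURL(req.URL.String(), resolve)
			return err
		},
	}
}

func main() {
	// Constructed resolver standing in for DNS so the example runs offline.
	fake := func(host string) ([]net.IP, error) {
		table := map[string][]net.IP{
			"git.example.com":  {net.ParseIP("203.0.113.10")},
			"evil.example.com": {net.ParseIP("203.0.113.20"), net.ParseIP("10.0.0.5")},
		}
		if ips, ok := table[host]; ok {
			return ips, nil
		}
		return nil, errors.New("NXDOMAIN")
	}
	for _, raw := range []string{
		"https://git.example.com/group/repo.git",
		"file:///etc/passwd",
		"http://127.0.0.1:8080/",
		"http://[::ffff:169.254.169.254]/latest/meta-data/",
		"https://evil.example.com/repo.git",
	} {
		_, err := ValidateImportURL(raw, fake)
		fmt.Printf("%-50s -> %v\n", raw, err)
	}
}
```

Run as is, the first URL is accepted and the other four are rejected (bad scheme, loopback, IPv4-mapped link-local, and a hostname with one private address among its answers). The two design choices worth copying are the returned address list, which lets the caller pin the connection to what was checked, and the CheckRedirect hook, which is where "secondary" URLs usually slip past a check applied only to user input.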

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 13:30:00 +0000

  Type      Values Removed   Values Added
  Metrics                    ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 11 Jun 2026 13:15:00 +0000

  Type                 Values Removed   Values Added
  First Time appeared                   Gitlab gitlab
  Vendors & Products                    Gitlab gitlab

Thu, 11 Jun 2026 11:30:00 +0000

  Type                 Values Removed   Values Added
  Description                           GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to read arbitrary files from the Gitaly server and access internal network resources during repository import, due to insufficient validation of secondary URLs.
  Title                                 Server-Side Request Forgery (SSRF) in GitLab
  First Time appeared                   Gitlab; Gitlab gitaly
  Weaknesses                            CWE-918
  CPEs                                  cpe:2.3:a:gitlab:gitaly:*:*:*:*:*:*:*:*
  Vendors & Products                    Gitlab; Gitlab gitaly
  References
  Metrics                               cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N'}

MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2026-06-11T12:38:17.055Z

Reserved: 2026-05-21T16:33:36.260Z

Link: CVE-2026-9204

Vulnrichment

Updated: 2026-06-11T12:38:12.916Z

NVD

Status: Received

Published: 2026-06-11T12:16:32.983

Modified: 2026-06-11T12:16:32.983

Link: CVE-2026-9204

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-11T13:00:14Z

Weaknesses
  • CWE-918: Server-Side Request Forgery (SSRF)