FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Gitlab -- vulnerabilities

Affected packages
18.10.0 <= gitlab-ce < 18.10.3
18.9.0 <= gitlab-ce < 18.9.5
11.3.0 <= gitlab-ce < 18.8.9
18.10.0 <= gitlab-ee < 18.10.3
18.9.0 <= gitlab-ee < 18.9.5
11.3.0 <= gitlab-ee < 18.8.9

Details

VuXML ID 099d4998-33cc-11f1-a7d1-2cf05da270f3
Discovery 2026-04-08
Entry 2026-04-09

Gitlab reports:

Exposed Method issue in websocket connections impacts GitLab CE/EE

Denial of Service issue in Terraform state lock API impacts GitLab CE/EE

Denial of Service issue in GraphQL API impacts GitLab CE/EE

Denial of Service issue in CSV import impacts GitLab CE/EE

Denial of Service issue in GraphQL SBOM API impacts GitLab EE

Code Injection issue in Code Quality reports impacts GitLab EE

Cross-site Scripting issue in analytics dashboards impacts GitLab EE

Incorrect Authorization issue in vulnerability flags AI detection API impacts GitLab EE

Information Disclosure issue in certain GraphQl query impacts GitLab EE

Improper Access Control issue in Environments API impacts GitLab EE

Information Disclosure issue in CSV export impacts GitLab CE/EE

Missing Authorization issue in custom role permissions impacts GitLab CE/EE

[source]

References

CVE Name CVE-2025-12664
CVE Name CVE-2025-9484
CVE Name CVE-2026-1092
CVE Name CVE-2026-1101
CVE Name CVE-2026-1403
CVE Name CVE-2026-1516
CVE Name CVE-2026-1752
CVE Name CVE-2026-2104
CVE Name CVE-2026-2619
CVE Name CVE-2026-4332
CVE Name CVE-2026-4916
CVE Name CVE-2026-5173
URL https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.