GitLab CE/EE Patches 11 Vulnerabilities Including 3 High Severity
Summary
The Italian national CSIRT published Alert AL04/260423/CSIRT-ITA on 23 April 2026, disclosing that GitLab released security updates resolving 11 vulnerabilities in Community Edition (CE) and Enterprise Edition (EE). Three of these carry 'high' severity: CVE-2026-4922, CVE-2026-5816, and CVE-2026-5262, involving arbitrary code execution and security restrictions bypass. Affected versions span 16.1 through 18.11.x. The alert assigns a medium system-impact score of 64.23.
“Security updates have been released that resolve 11 vulnerabilities, 3 of which have 'high' severity, in GitLab Community Edition (CE) and Enterprise Edition (EE).”
What changed
GitLab released security updates patching 11 vulnerabilities across Community Edition and Enterprise Edition. Three vulnerabilities are classified as high severity, involving arbitrary code execution and security restrictions bypass. Affected versions span from 16.1 through 18.11.x (specifically 18.11.x < 18.11.1, 18.10.x < 18.10.4, and 18.9.x < 18.9.6).
Organisations operating self-hosted GitLab instances should update immediately to the patched versions referenced in the vendor security bulletin. Failure to patch exposes systems to arbitrary code execution and potential security-control bypass, with a medium system-impact score of 64.23 assigned by CSIRT-ITA.
What to do next
- Update vulnerable products following the vendor's security bulletin
Archived snapshot
Apr 25, 2026. GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
Vulnerabilities resolved in GitLab CE/EE
**Alert** AL04/260423/CSIRT-ITA
Summary
Security updates have been released that resolve 11 vulnerabilities, 3 of which have “high” severity, in GitLab Community Edition (CE) and Enterprise Edition (EE).
Type
- Arbitrary Code Execution
- Security Restrictions Bypass
Affected products and/or versions
GitLab Community Edition (CE) and Enterprise Edition (EE)
- 18.11.x, versions prior to 18.11.1
- 18.10.x, versions prior to 18.10.4
- 18.9.x, versions prior to 18.9.6
- all versions from 16.1 up to 18.9.6 (excluded)
Mitigation actions
In line with the vendor's statements, it is recommended to update the vulnerable products following the instructions in the security bulletin listed in the References section.
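A version check for the ranges listed above, added here as an example and not part of the CSIRT-ITA alert or of GitLab's own tooling: it parses a GitLab version string, reports whether it falls inside an affected range, and names the patched release the alert gives for that branch. The sample versions and the choice of 18.9.6 as the target for branches older than 18.9 are assumptions.

```python
import re
from typing import Optional

# Affected ranges from the alert, as (lower bound inclusive, upper bound exclusive):
#   16.1 <= v < 18.9.6, 18.10.0 <= v < 18.10.4, 18.11.0 <= v < 18.11.1
AFFECTED_RANGES = (
    ((16, 1, 0), (18, 9, 6)),
    ((18, 10, 0), (18, 10, 4)),
    ((18, 11, 0), (18, 11, 1)),
)

# First patched release of each branch named in the alert.
FIXED_VERSIONS = {(18, 9): "18.9.6", (18, 10): "18.10.4", (18, 11): "18.11.1"}

# Accepts '18.10.3', '18.9' and suffixed forms such as '18.11.0-ee'.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> tuple:
    """Turn a GitLab version string into a comparable (major, minor, patch) tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def is_affected(text: str) -> bool:
    """True if the version lies inside any of the alert's affected ranges."""
    v = parse_version(text)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def recommended_upgrade(text: str) -> Optional[str]:
    """Smallest patched release for an affected version, None if not affected.
    Assumption: branches older than 18.9 are pointed at 18.9.6, the lowest
    version the alert lists as not affected."""
    if not is_affected(text):
        return None
    major, minor, _ = parse_version(text)
    return FIXED_VERSIONS.get((major, minor), "18.9.6")


if __name__ == "__main__":
    # Constructed sample inventory, e.g. the "version" field returned by
    # GET /api/v4/version on each self-hosted instance.
    for sample in ["18.11.0-ee", "18.11.1-ee", "18.10.3", "18.9.6", "17.4.2", "16.0.9"]:
        print(f"{sample:12} affected={is_affected(sample)!s:5} "
              f"upgrade_to={recommended_upgrade(sample)}")
```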
Only the CVEs relating to the vulnerabilities with “high” severity are listed below:
CVE (3)
| CVE | POC | EXPLOITATION |
| --- | --- | --- |
| CVE-2026-4922 | - | - |
| CVE-2026-5816 | - | - |
| CVE-2026-5262 | - | - |
References (1)
Change log
| Version | Notes | Date |
|---|---|---|
| 1.0 | Published on 23-04-2026 | 23/04/2026 |
Systemic impact
Medium (64.23)
Publication date
23/04/26 at 15:58
Last updated
23/04/26 at 15:58
About this page
Source document text, dates, docket IDs, and authority are extracted directly from CSIRT-ITA.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.