GitLab EE Incorrect Authorization Vulnerability in Virtual Registry

Vulnerability

A vulnerability exists in GitLab Enterprise Edition (EE) versions 18.2 prior to 18.7.6, 18.8 prior to 18.8.6, and 18.9 prior to 18.9.2. This vulnerability allows an authenticated user to access Virtual Registry data in groups where they are not members, due to improper authorization under certain conditions.

Impact

Exploitation of this vulnerability could lead to unauthorized access to Virtual Registry data in certain groups.

Remediation

Users are advised to upgrade to GitLab EE versions 18.9.2, 18.8.6, or 18.7.6.
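A version check for the ranges listed above, written as an added example that is not part of the original advisory or of GitLab's own tooling. The host names and versions in the inventory are constructed, and the `ee` suffix on EE version strings is an assumption about how the installed version is reported.

```python
import re

# Affected ranges from the advisory: (first affected, first fixed) per branch.
AFFECTED_RANGES = [
    ((18, 2, 0), (18, 7, 6)),
    ((18, 8, 0), (18, 8, 6)),
    ((18, 9, 0), (18, 9, 2)),
]
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(.*)$")


def parse_version(raw):
    """Return ((major, minor, patch), is_ee) for strings like '18.7.5-ee'."""
    m = _VERSION_RE.match(raw.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {raw!r}")
    # Assumption: EE builds carry an 'ee' token after the numeric part.
    tokens = re.split(r"[-.+]", m.group(4).lower())
    return tuple(int(g) for g in m.groups()[:3]), "ee" in tokens


def assess(raw):
    """Classify one version string against the advisory's ranges."""
    version, is_ee = parse_version(raw)
    if not is_ee:
        return {"affected": False, "upgrade_to": None, "reason": "not an EE build"}
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= version < first_fixed:
            fixed = ".".join(map(str, first_fixed))
            return {"affected": True, "upgrade_to": fixed, "reason": f"fixed in {fixed}"}
    return {"affected": False, "upgrade_to": None, "reason": "outside listed ranges"}


def triage(inventory):
    """Map host -> first fixed version for every affected host."""
    return {h: r["upgrade_to"] for h, v in inventory.items()
            if (r := assess(v))["affected"]}


# Constructed inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "gitlab-a.example.internal": "18.7.5-ee",
    "gitlab-b.example.internal": "18.8.6-ee",
    "gitlab-c.example.internal": "18.9.1-ee",
    "gitlab-d.example.internal": "18.4.2",
    "gitlab-e.example.internal": "18.1.3-ee",
}

if __name__ == "__main__":
    for host, fixed in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: affected, first fixed release on its branch range is {fixed}")
```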

Added: Mar 11, 2026, 4:31 PM
Updated: Mar 11, 2026, 4:31 PM

Vulnerability Rating

Custom Algorithm
spread: 7.3
impact: 2.5
exploitability: 6.2
remediation: 7.7
relevance: 3.8
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.