GitLab
Moderate fix3 remedies
cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*, +2 more
Moderate fix3 remedies
- >= 18.2, < 18.6.6
- >= 18.7, < 18.7.4
- >= 18.8, < 18.8.4
GitLab CE/EE Incomplete Validation Vulnerability in Web IDE Allows Token Theft and Repository Access
Vulnerability
Patched
A vulnerability exists in GitLab Community Edition (CE) and Enterprise Edition (EE) versions 18.2 prior to 18.6.6, 18.7 prior to 18.7.4, and 18.8 prior to 18.8.4. This vulnerability could have permitted an unauthenticated user to steal tokens and access private repositories by exploiting incomplete validation in the Web Integrated Development Environment (IDE).
Impact
Exploitation of this vulnerability could lead to unauthorized access to private repositories and the ability to steal tokens, potentially allowing for further exploitation or access within GitLab.
Remediation
Users are advised to upgrade to GitLab versions 18.8.4, 18.7.4, or 18.6.6. Instructions for updating GitLab can be found on the GitLab Update page. For GitLab Runner, refer to the Updating the Runner page.
Added: Feb 11, 2026, 12:27 PM
Updated: Feb 11, 2026, 4:32 PM
Vulnerability Rating
Custom Algorithm
spread
7.3impact
2.5exploitability
7.4remediation
7.7relevance
3.0threat
0.0urgency
2.9incentive
4.2Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.