Primary

Context

GitLab EE Information Disclosure Vulnerability via GraphQL Queries

Vulnerability

Patched

A vulnerability in GitLab Enterprise Edition (EE) has been addressed, affecting versions 16.6 prior to 18.8.9, 18.9 prior to 18.9.5, and 18.10 prior to 18.10.3. This vulnerability could have allowed an authenticated user to access other users' email addresses through specific GraphQL queries under certain circumstances.

Impact

Exploitation of this vulnerability could lead to unauthorized access to users' email addresses.

Remediation

Users are strongly advised to upgrade to GitLab versions 18.10.3, 18.9.5, or 18.8.9. Instructions for updating GitLab can be found on the GitLab Update page. Note that the SLES 12.5 packages for 18.10.3 and 18.9.5 are not present in this release.

Added: Apr 9, 2026, 12:28 AM

Updated: Apr 9, 2026, 12:28 AM

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

0.6

exploitability

5.2

remediation

7.7

relevance

5.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

0.6

exploitability

5.2

remediation

7.7

relevance

5.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GitLab EE Information Disclosure Vulnerability via GraphQL Queries

Vulnerability

Impact

Remediation

Affected Products

GitLab

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating