CVE-2026-11379

Summary

GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 prior to 18.11.6, 19.0 prior to 19.0.3, and 19.1 prior to 19.1.1 in which incorrect authorization in DAST site profile management could allow a user with Developer role to exfiltrate DAST site profile secrets under certain conditions.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab13.11 < 18.11.6affected
GitLabGitLab19.0 < 19.0.3affected
GitLabGitLab19.1 < 19.1.1affected

Weaknesses

  • CWE-863: CWE-863: Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References