CVE-2026-1322

Summary

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with a read_api scoped OAuth application to create issues and add comments to issues in private projects due to improper authorization.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab16.0 < 18.9.7affected
GitLabGitLab18.10 < 18.10.6affected
GitLabGitLab18.11 < 18.11.3affected

Weaknesses

  • CWE-840: CWE-840: Business Logic Errors

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References