CVE-2026-1747

Summary

GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain conditions, could have allowed Developer-role users with insufficient privileges to make unauthorized modifications to protected Conan packages.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab17.11 < 18.7.5affected
GitLabGitLab18.8 < 18.8.5affected
GitLabGitLab18.9 < 18.9.1affected

Weaknesses

  • CWE-288: CWE-288: Authentication Bypass Using an Alternate Path or Channel

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References