CVE-2026-6713
Description
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an unauthorized user to enumerate private projects due to incorrect authorization checks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
GitLab CE/EE versions 18.2 to 18.10.6, 18.11 to 18.11.3, and 19.0.0 allow unauthorized users to enumerate private projects due to incorrect authorization checks.
Vulnerability
An incorrect authorization check in GitLab CE/EE allows unauthorized users to enumerate private projects. The vulnerability affects all versions from 18.2 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 [1].
Exploitation
An attacker with network access to a GitLab instance and no authentication can exploit this flaw by sending specially crafted requests to the affected endpoints. The incorrect authorization checks fail to properly verify project visibility, enabling the attacker to enumerate private projects [1].
Impact
Successful exploitation results in information disclosure: an attacker can discover the existence of private projects. This may lead to further targeted attacks or exposure of sensitive project metadata [1].
Mitigation
GitLab has released fixed versions: 18.10.7, 18.11.4, and 19.0.1. Users should upgrade to these versions or later. No workaround is available [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: >=18.2 <18.10.7, >=18.11 <18.11.4, >=19.0 <19.0.1
Patches
No patches discovered yet.
References
- about.gitlab.com/releases/2026/05/27/patch-release-gitlab-19-0-1-released/ (nvd, Vendor Advisory)
- hackerone.com/reports/3644605 (nvd, Permissions Required)
News mentions
- GitLab Patch Release: 19.0.1, 18.11.4, 18.10.7 (GitLab Security Releases · May 27, 2026)