VYPR
Medium severity4.3NVD Advisory· Published May 28, 2026· Updated May 29, 2026

CVE-2026-9807

CVE-2026-9807

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed a blocked Project Access Token to continue accessing private resources due to incorrect authorization enforcement.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

7
  • GitLab Inc./GitLabreferences5 versions
    (expand)+ 4 more
    • (no CPE)
    • cpe:2.3:a:gitlab:gitlab:19.0.0:*:*:*:community:*:*:*
    • cpe:2.3:a:gitlab:gitlab:19.0.0:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*range: >=18.9.0,<18.10.7
    • cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*range: >=18.9.0,<18.10.7
  • Range: >=18.9 <18.10.7, >=18.11 <18.11.4, >=19.0 <19.0.1
  • osv-coords
    Range: >= 18.9.0, < 18.10.7

Patches

Vulnerability mechanics

References

2

News mentions

1