CVE-2026-9807 · MEDIUM · Unpatched · Zero-day · PoC public · Lifecycle 4/7

GitLab Community Edition/Enterprise Edition up to 18.10.6/18.11.3/19.0.0 Access Token authorization

Target component · 2026-05-28 · Impact pending confirmation
CVSS 4.2
Vulnerability Description
A vulnerability classified as problematic has been found in GitLab Community Edition and Enterprise Edition up to 18.10.6/18.11.3/19.0.0 (Bug Tracking Software). An unspecified part of the Access Token Handler component is affected. Upgrading to version 18.10.7, 18.11.4 or 19.0.1 eliminates this vulnerability. The upgrade is hosted for download at about.gitlab.com.
Root Cause Analysis
The issue is classified as CWE-863 (Incorrect Authorization): the product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not perform the check correctly. This allows attackers to bypass intended access restrictions.

Impact: Confidentiality is affected.

Countermeasure: Upgrading to version 18.10.7, 18.11.4 or 19.0.1 eliminates this vulnerability. The upgrade is hosted for download at about.gitlab.com.
Validation (PoC/EXP) - Looking for Contributors
No public PoC yet
