{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1747", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2026-02-01T18:33:18.805Z", "datePublished": "2026-02-25T20:04:49.893Z", "dateUpdated": "2026-02-26T15:39:03.951Z"}, "containers": {"cna": {"title": "Authentication Bypass Using an Alternate Path or Channel in GitLab", "descriptions": [{"lang": "en", "value": "GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain conditions, could have allowed Developer-role users with insufficient privileges to make unauthorized modifications to protected Conan packages."}], "affected": [{"vendor": "GitLab", "product": "GitLab", "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "versions": [{"version": "17.11", "status": "affected", "lessThan": "18.7.5", "versionType": "semver"}, {"version": "18.8", "status": "affected", "lessThan": "18.8.5", "versionType": "semver"}, {"version": "18.9", "status": "affected", "lessThan": "18.9.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel", "cweId": "CWE-288", "type": "CWE"}]}], "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/588385", "name": "GitLab Issue #588385", "tags": ["issue-tracking", "permissions-required"]}, {"url": "https://hackerone.com/reports/3533088", "name": "HackerOne Bug Bounty Report #3533088", "tags": ["technical-description", "exploit", "permissions-required"]}, {"url": "https://about.gitlab.com/releases/2026/02/25/patch-release-gitlab-18-9-1-released/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "solutions": [{"lang": "en", "value": "Upgrade to versions 18.7.5, 18.8.5, 18.9.1 or above."}], "credits": [{"lang": "en", "value": "Thanks [modhanami](https://hackerone.com/modhanami) for reporting this vulnerability through our HackerOne bug bounty program", "type": "finder"}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2026-02-25T20:04:49.893Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-26T15:38:24.259525Z", "id": "CVE-2026-1747", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T15:39:03.951Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1747", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-26T15:38:24.259525Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T15:38:37.628Z"}}], "cna": {"title": "Authentication Bypass Using an Alternate Path or Channel in GitLab", "credits": [{"lang": "en", "type": "finder", "value": "Thanks [modhanami](https://hackerone.com/modhanami) for reporting this vulnerability through our HackerOne bug bounty program"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "vendor": "GitLab", "product": "GitLab", "versions": [{"status": "affected", "version": "17.11", "lessThan": "18.7.5", "versionType": "semver"}, {"status": "affected", "version": "18.8", "lessThan": "18.8.5", "versionType": "semver"}, {"status": "affected", "version": "18.9", "lessThan": "18.9.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to versions 18.7.5, 18.8.5, 18.9.1 or above."}], "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/588385", "name": "GitLab Issue #588385", "tags": ["issue-tracking", "permissions-required"]}, {"url": "https://hackerone.com/reports/3533088", "name": "HackerOne Bug Bounty Report #3533088", "tags": ["technical-description", "exploit", "permissions-required"]}, {"url": "https://about.gitlab.com/releases/2026/02/25/patch-release-gitlab-18-9-1-released/"}], "descriptions": [{"lang": "en", "value": "GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain conditions, could have allowed Developer-role users with insufficient privileges to make unauthorized modifications to protected Conan packages."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-288", "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2026-02-25T20:04:49.893Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1747", "state": "PUBLISHED", "dateUpdated": "2026-02-26T15:39:03.951Z", "dateReserved": "2026-02-01T18:33:18.805Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2026-02-25T20:04:49.893Z", "assignerShortName": "GitLab"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "A9505ACB-A00F-4F5C-92D1-15F6C8A91924", "versionEndExcluding": "18.7.5", "versionStartIncluding": "17.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "62456409-25CE-4B6B-A0A4-FF6BFDC693F2", "versionEndExcluding": "18.7.5", "versionStartIncluding": "17.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "432C7223-F8B6-4EBA-84E2-2BB8A0F367D2", "versionEndExcluding": "18.8.5", "versionStartIncluding": "18.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "630677C7-21EB-4E91-BB15-4610DCD22F98", "versionEndExcluding": "18.8.5", "versionStartIncluding": "18.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:18.9.0:*:*:*:community:*:*:*", "matchCriteriaId": "795727F0-1B38-483F-BEE8-FB252EE57AC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:18.9.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "73CCBA34-57C3-454D-A898-5D216EE1D5E9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain conditions, could have allowed Developer-role users with insufficient privileges to make unauthorized modifications to protected Conan packages."}, {"lang": "es", "value": "GitLab ha remediado un problema en GitLab EE que afectaba a todas las versiones desde la 17.11 anteriores a la 18.7.5, la 18.8 anteriores a la 18.8.5, y la 18.9 anteriores a la 18.9.1 que, bajo ciertas condiciones, podr\u00eda haber permitido a usuarios con rol de Desarrollador con privilegios insuficientes realizar modificaciones no autorizadas a paquetes Conan protegidos."}], "id": "CVE-2026-1747", "lastModified": "2026-02-28T01:05:55.340", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cve@gitlab.com", "type": "Secondary"}]}, "published": "2026-02-25T21:16:36.993", "references": [{"source": "cve@gitlab.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://about.gitlab.com/releases/2026/02/25/patch-release-gitlab-18-9-1-released/"}, {"source": "cve@gitlab.com", "tags": ["Broken Link"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/588385"}, {"source": "cve@gitlab.com", "tags": ["Permissions Required"], "url": "https://hackerone.com/reports/3533088"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-288"}], "source": "cve@gitlab.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[17.11,18.7.5)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[18.8,18.8.5)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[18.9,18.9.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "inferred", "scores": [{"score": 100.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "gitlab", "vendor": "gitlab"}], "analysis": {"en": {"generated_at": "2026-04-17T14:56:12.935072+00:00", "value": {"mitigation_remediation": ["Upgrade GitLab EE or EE Community to version 18.7.5, 18.8.5, 18.9.1 or any newer release provided by the vendor", "Verify that all protected Conan packages are configured to require higher\u2011level permissions for modification", "Audit user roles and reduce unnecessary Developer access on repositories that expose protected packages"], "summary": {"action": "Apply Patches", "impact": "Unauthorized modification of protected packages by users with insufficient privileges"}, "threat_synthesis": {"affected_systems": "The vulnerability affects GitLab Enterprise Edition and Community Edition across all major releases starting with 17.11 up to before 18.7.5, from 18.8 before 18.8.5, and from 18.9 before 18.9.1. Restoring to any of the patched releases \u2013 18.7.5, 18.8.5, 18.9.1 or later \u2013 eliminates the weakness.", "description_and_impact": "GitLab experienced an authentication bypass flaw that could let users holding a Developer role modify protected Conan packages without proper authorization. The defect originates from the handling of alternate paths or channels that bypass normal permission checks. If exploited, it would allow a non-admin user to alter package metadata or contents, potentially compromising downstream users and systems that rely on those packages.", "risk_and_exploitability": "The CVSS v3.1 base score is 4.3, placing the issue in the moderate range. EPSS indicates the exploitation probability is below 1\u2009%. The flaw is not currently listed in the CISA KEV catalog. Exploitation would require an attacker to be a Developer\u2011role user on a vulnerable instance and to access the vulnerable package management interface or API path that triggers the bypass. No additional host, network, or local prerequisites are required beyond legitimate user credentials."}}}}, "created": "2026-02-26T13:14:45.935114+00:00", "updated": "2026-04-17T15:00:11.031657+00:00", "vendors": ["gitlab", "gitlab$PRODUCT$gitlab"]}