CVE-2026-1516NVD

Vulnerability Summary

GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that in Code Quality reports could have allowed an authenticated user to leak IP addresses of users viewing the report via specially crafted content.

Severity Level

MEDIUM(5.7)

Published Date

Apr 8, 2026

Last Modified

Apr 14, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.04%Probability

Root Weakness (CWE)

CWE-94: Code Injection ↗

The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended syntax or behavior.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionRequired

ScopeUnchanged

ConfidentialityHigh

IntegrityNone

AvailabilityNone

External References

https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/
https://gitlab.com/gitlab-org/gitlab/-/work_items/587893
https://hackerone.com/reports/3514461

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2026-1516NVD

Vulnerability Summary

External References