Authorization Bypass Through User-Controlled Key in GitLab_CVE-2026-1080

4.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Description

GitLab has remediated an issue in GitLab EE affecting all versions from 16.7 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to access iteration data from private descendant groups by querying the iterations API endpoint.

Basic Information

ID CVE-2026-1080

Source GitLab

Published Feb 11, 2026 at 11:33

Affected Product

Vendor GitLab

Product GitLab

Version 16.7

Affected Versions GitLab GitLab 16.7
GitLab GitLab 18.7
GitLab GitLab 18.8

CWE Classification

CWE-639

References

{
    "lastseen": "",
    "description": "GitLab has remediated an issue in GitLab EE affecting all versions from 16.7 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to access iteration data from private descendant groups by querying the iterations API endpoint.",
    "published": "2026-02-11T11:33:41.565Z",
    "modified": "2026-02-11T11:33:41.565Z",
    "type": "cve",
    "title": "Authorization Bypass Through User-Controlled Key in GitLab",
    "source": "GitLab",
    "references": "https://gitlab.com/gitlab-org/gitlab/-/issues/586477\nhttps://hackerone.com/reports/3484568\nhttps://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/",
    "id": "CVE-2026-1080",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639"
    ],
    "cvelist": null,
    "sourceData": "GitLab GitLab 16.7\nGitLab GitLab 18.7\nGitLab GitLab 18.8",
    "sourceHref": "",
    "cvss": {
        "score": 4.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "GitLab",
    "version": "16.7",
    "vendor": "GitLab",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}