FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Gitlab -- vulnerabilities

Affected packages
18.9.0 <= gitlab-ce < 18.9.2
18.8.0 <= gitlab-ce < 18.8.6
1.0.0 <= gitlab-ce < 18.7.6
18.9.0 <= gitlab-ee < 18.9.2
18.8.0 <= gitlab-ee < 18.8.6
1.0.0 <= gitlab-ee < 18.7.6

Details

VuXML ID 0236eab0-1d62-11f1-88f8-2cf05da270f3
Discovery 2026-03-11
Entry 2026-03-11

Gitlab reports:

Cross-site Scripting issue in Markdown placeholder processing impacts GitLab CE/EE

Denial of Service issue in GraphQL API impacts GitLab CE/EE

Denial of Service issue in repository archive endpoint impacts GitLab CE/EE

Denial of Service issue in protected branches API impacts GitLab CE/EE

Denial of Service issue in webhook custom headers impacts GitLab CE/EE

Denial of Service issue in webhook endpoint impacts GitLab CE/EE

Improper Neutralization of CRLF Sequences issue impacts GitLab CE/EE

Improper Access Control issue in runners API impacts GitLab CE/EE

Improper Access Control issue in snippet rendering impacts GitLab CE/EE

Information Disclosure issue in inaccessible issues impacts GitLab CE/EE

Missing Authorization issue in Group Import impacts GitLab CE/EE

Incorrect Reference issue in repository download impacts GitLab CE/EE

Incorrect Authorization issue in Virtual Registry impacts GitLab EE

Improper Escaping of Output issue in Datadog integration impacts GitLab CE/EE

[source]

References

CVE Name CVE-2025-12555
CVE Name CVE-2025-12576
CVE Name CVE-2025-12697
CVE Name CVE-2025-12704
CVE Name CVE-2025-13690
CVE Name CVE-2025-13929
CVE Name CVE-2025-14513
CVE Name CVE-2026-0602
CVE Name CVE-2026-1069
CVE Name CVE-2026-1090
CVE Name CVE-2026-1230
CVE Name CVE-2026-1663
CVE Name CVE-2026-1732
CVE Name CVE-2026-3848
URL https://about.gitlab.com/releases/2026/03/11/patch-release-gitlab-18-9-2-released/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.