CVE-2026-7492
EUVD-2026-4240608.07.2026, 21:16
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an unauthenticated user to determine the existence of a private project due to improper authorization controls on cross-project reference pages.Enginsight
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| gitlab | gitlab | 9.1 ≤ 𝑥 < 18.11.7 | CNA |
| gitlab | gitlab | 19.0 ≤ 𝑥 < 19.0.4 | CNA |
| gitlab | gitlab | 19.1 ≤ 𝑥 < 19.1.2 | CNA |
Common Weakness Enumeration