CVE-2026-1752

CVE Database · CVE-2026-1752

CVE-2026-1752

· MEDIUMAnalyzed

CVSS v3.1

4.3

EPSS

0.31%

Published

Apr 8, 2026

Modified

Apr 14, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer-role permissions to modify protected environment settings due to improper authorization checks in the API.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Weaknesses (CWE)

CWE-863

Affected Products (3)

gitlab · gitlab (up to 18.8.9)vulnerable

gitlab · gitlab (up to 18.9.5)vulnerable

gitlab · gitlab (up to 18.10.3)vulnerable

References (3)

https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/

Vendor AdvisoryRelease Notes

https://gitlab.com/gitlab-org/gitlab/-/work_items/588413

Broken Link

https://hackerone.com/reports/3533545

Permissions Required

KEV Catalog EPSS Scores Vendors All CVEs