PatchSiren

Hackerone CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Hackerone CVE published 2026-05-14

CVE-2026-1338

CVE-2026-1338 is a medium-severity authorization issue in GitLab CE/EE. According to the advisory text, an authenticated user with developer-role permissions could delete protected container registry tags because of improper authorization checks. The affected ranges are GitLab 17.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3. The issue is recorded with CVSS 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/ [truncated]

MEDIUM Hackerone CVE published 2026-05-14

CVE-2026-1322

GitLab has remediated an authorization issue in GitLab CE/EE that could have allowed an authenticated user with a read_api-scoped OAuth application to create issues and add comments in private projects. The advisory covers GitLab versions from 16.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3. Although the CVSS score is Medium, the impact is meaningful for organizations that rely on priva [truncated]

HIGH Hackerone CVE published 2026-05-14

CVE-2025-14870

GitLab remediated a high-severity denial-of-service issue in GitLab CE/EE that could be triggered by an unauthenticated attacker sending specially crafted JSON payloads. Affected releases include 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3.

HIGH Hackerone CVE published 2026-05-14

CVE-2025-14869

CVE-2025-14869 describes a GitLab CE/EE availability issue where an unauthenticated attacker could send specially crafted payloads to certain API endpoints and trigger denial of service. GitLab’s remediation covers affected releases from 18.5 before the fixed versions 18.9.7, 18.10.6, and 18.11.3, one fix per supported release branch. Because the issue is network-exploitable and requires no authentication, exposed GitLab instances should trea [truncated]

MEDIUM Hackerone CVE published 2026-05-14

CVE-2025-13874

GitLab remediated an authorization flaw in GitLab CE/EE that could allow an authenticated user with Guest permissions to view issues in projects they were not authorized to access. The issue is tracked as CVE-2025-13874 and was publicly disclosed on 2026-05-14. It affects GitLab CE/EE versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3.

MEDIUM Hackerone CVE published 2026-05-14

CVE-2025-12669

GitLab has patched a medium-severity issue in GitLab CE/EE that could let an authenticated user inject HTML and JavaScript into email notifications sent to other users. The affected range is all versions from 15.11 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3. The published CVSS vector indicates network reachability, low attack complexity, low privileges required, and user interaction required.
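Every debrief above expresses its scope as three branch ranges against the same fix releases (18.9.7, 18.10.6, 18.11.3), which is easy to misread: 18.9.8 is fixed even though it is below 18.10.6, and a 17.x instance is only fixed by jumping to 18.9.7. The script below is an added example, not PatchSiren's or GitLab's code, that encodes the ranges exactly as printed on this page and tells you which of the six CVEs apply to a given instance version and the nearest fixed release. It assumes version strings in the form GitLab reports from GET /api/v4/version (e.g. "18.10.2-ee"); the `-ee`/`-ce` suffix is ignored. For CVE-2025-14869 the page only states the 18.5 lower bound, so its 18.10 and 18.11 branches are encoded the same way as the sibling entries (noted in the code).

```python
"""Check a GitLab version against the affected ranges listed in these debriefs.

Added example, not PatchSiren or GitLab code. Ranges are copied from the
debriefs on this page: each tuple is (first affected, first fixed) on one
release branch, and "before" is exclusive.
"""
from __future__ import annotations

import re
import sys

ADVISORIES: dict[str, list[tuple[str, str]]] = {
    "CVE-2026-1338": [("17.10", "18.9.7"), ("18.10", "18.10.6"), ("18.11", "18.11.3")],
    "CVE-2026-1322": [("16.0", "18.9.7"), ("18.10", "18.10.6"), ("18.11", "18.11.3")],
    "CVE-2025-14870": [("18.5", "18.9.7"), ("18.10", "18.10.6"), ("18.11", "18.11.3")],
    # The debrief phrases this one as "from 18.5 up to, but not including,
    # 18.9.7, 18.10.6 and 18.11.3"; encoded per branch like the other entries
    # (assumption: same per-branch semantics as the sibling advisories).
    "CVE-2025-14869": [("18.5", "18.9.7"), ("18.10", "18.10.6"), ("18.11", "18.11.3")],
    "CVE-2025-13874": [("15.1", "18.9.7"), ("18.10", "18.10.6"), ("18.11", "18.11.3")],
    "CVE-2025-12669": [("15.11", "18.9.7"), ("18.10", "18.10.6"), ("18.11", "18.11.3")],
}

# MAJOR.MINOR[.PATCH][-suffix]; suffixes such as "-ee" or "-pre" are dropped.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-[0-9A-Za-z.]+)?$")


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse a GitLab version string into a comparable (major, minor, patch) tuple.

    A missing patch level means the start of the branch (18.10 -> 18.10.0),
    which is how the advisories use bare branch names as lower bounds.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def in_range(version: str, lo: str, hi: str) -> bool:
    """True if lo <= version < hi on the same numeric scale."""
    return parse_version(lo) <= parse_version(version) < parse_version(hi)


def affecting_cves(version: str) -> list[str]:
    """CVEs from this page whose affected ranges include `version`, page order."""
    return [
        cve
        for cve, ranges in ADVISORIES.items()
        if any(in_range(version, lo, hi) for lo, hi in ranges)
    ]


def recommended_fix(version: str) -> str | None:
    """Smallest fixed release above `version` among the CVEs that affect it.

    Returns None when no listed CVE applies. A 17.x instance gets 18.9.7
    (its own branch has no backport), an 18.10.x instance gets 18.10.6.
    """
    v = parse_version(version)
    candidates = {
        hi
        for cve in affecting_cves(version)
        for _, hi in ADVISORIES[cve]
        if parse_version(hi) > v
    }
    return min(candidates, key=parse_version) if candidates else None


if __name__ == "__main__":
    # Usage: python gitlab_ranges.py 18.10.2-ee  (version from GET /api/v4/version)
    ver = sys.argv[1] if len(sys.argv) > 1 else "18.10.2-ee"
    hits = affecting_cves(ver)
    print(f"{ver}: {len(hits)} applicable CVE(s) {hits}; upgrade to {recommended_fix(ver)}")
```

Run it against each instance's reported version rather than the branch you think it is on; the branch-level wording hides that 18.9.7 and 18.9.8 are fixed while 18.10.0 through 18.10.5 are not.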