GitLab Multiple Vulnerabilities
CSIRTS triage
- What
- Multiple vulnerabilities have been discovered in GitLab.
- Who is affected
- Users of GitLab products.
- Urgency
- Remediation is necessary, but the severity is currently unknown.
- Action
- Users should monitor for updates and advisories.
AI-assisted analysis generated from the source advisory — verify against the original.
Details
Original advisory: https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities_20260625
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-09340.20% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 10% of all scored CVEs.
- Low exploitation riskCVE-2026-16060.22% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 13% of all scored CVEs.
- Low exploitation riskCVE-2026-22380.27% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 19% of all scored CVEs.
- Low exploitation riskCVE-2026-31760.18% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 8% of all scored CVEs.
- Low exploitation riskCVE-2026-53090.17% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 7% of all scored CVEs.
- Low exploitation riskCVE-2026-57960.19% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 9% of all scored CVEs.
- Low exploitation riskCVE-2026-59520.19% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 9% of all scored CVEs.
- Low exploitation riskCVE-2026-83300.13% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 3% of all scored CVEs.
- Low exploitation riskCVE-2026-100860.23% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 14% of all scored CVEs.
- Low exploitation riskCVE-2026-107120.22% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 13% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-0934 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-1606 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-2238 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-3176 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-5309 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-5796 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-5952 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-8330 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-10086 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-10712 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-11379 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-12053 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-12635 | coverage & exploitation status | NVD · CVE.org |
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
More from HKCERT Security Bulletins
- unknownJuniper Junos OS Multiple Vulnerabilities2026-07-09
- unknownGoogle Chrome Multiple Vulnerabilities2026-07-09
- unknownPalo Alto Products Multiple Vulnerabilities2026-07-09
- unknownBeyondTrust Products Multiple Vulnerabilities2026-07-08
- unknownApple Products Multiple Vulnerabilities2026-07-06