GitLab Patch Release: 19.1.1, 19.0.3, 18.11.6
CSIRTS triage
- What
- Patch releases contain important bug and security fixes.
- Who is affected
- Self-managed GitLab installations.
- Urgency
- Immediate remediation is recommended to ensure security.
- Action
- Users should upgrade to GitLab versions 19.1.1, 19.0.3, or 18.11.6.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch GitLab Community Edition and Enterprise Edition
Get an email when a new GitLab Community Edition and Enterprise Edition advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://docs.gitlab.com/releases/patches/patch-release-gitlab-19-1-1-released/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-100860.23% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 14% of all scored CVEs.
- Low exploitation riskCVE-2026-107120.22% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 13% of all scored CVEs.
- Low exploitation riskCVE-2026-120530.33% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 25% of all scored CVEs.
- Low exploitation riskCVE-2026-53090.17% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 7% of all scored CVEs.
- Low exploitation riskCVE-2026-22380.27% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 19% of all scored CVEs.
- Low exploitation riskCVE-2026-113790.19% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 9% of all scored CVEs.
- Low exploitation riskCVE-2026-83300.13% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 3% of all scored CVEs.
- Low exploitation riskCVE-2026-16060.22% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 13% of all scored CVEs.
- Low exploitation riskCVE-2026-59520.19% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 9% of all scored CVEs.
- Low exploitation riskCVE-2026-57960.19% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 9% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-10086 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-10712 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-12053 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-5309 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-2238 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-11379 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-8330 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-1606 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-5952 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-5796 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-0934 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-3176 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-12635 | coverage & exploitation status | NVD · CVE.org |
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- unknownNCSC-2026-0211 [1.00] [M/H] Vulnerabilities fixed in GitLab Community Edition and Enterprise Editionncsc-nl
- unknownGitLab Multiple Vulnerabilitieshkcert
- unknownMultiple vulnerabilities in GitLab (June 25, 2026)cert-fr-avis
Recent advisories for GitLab Patch Release
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- criticalGitLab Patch Release: 19.1.2, 19.0.4, 18.11.7gitlab · 2026-07-08
- unknownGitLab Patch Release: 18.8.11gitlab · 2026-07-01
- unknownGitLab patch release notesgitlab · 2026-07-01
- criticalGitLab Patch Release: 19.0.2, 18.11.5, 18.10.8gitlab · 2026-06-10
- unknownGitLab Patch Release: 18.9.8, 18.8.10, 18.7.7, 18.6.8, 18.5.7gitlab · 2026-05-27
- criticalGitLab Patch Release: 19.0.1, 18.11.4, 18.10.7gitlab · 2026-05-27
More from GitLab Security Releases
- criticalGitLab Patch Release: 19.1.2, 19.0.4, 18.11.72026-07-08
- unknownGitLab Patch Release: 18.8.112026-07-01
- unknownGitLab patch release notes2026-07-01
- criticalGitLab Patch Release: 19.0.2, 18.11.5, 18.10.82026-06-10
- unknownGitLab Patch Release: 18.9.8, 18.8.10, 18.7.7, 18.6.8, 18.5.72026-05-27