CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

GitLab security advisory (AV26-677)

unknown
Serial number: AV26-677 Date: July 8, 2026 On July 8, 2026, GitLab published a security advisory to address vulnerabilities in the following products: GitLab Community Edition (CE) – versions prior to 19.1.2, 19.0.4 and 18.11.7 GitLab Enterprise Edition (EE) – versions prior to 19.1.2, 19.0.4 and 18.11.7 The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates. GitLab Patch Release: 19.1.2, 19.0.4, 18.11.7 GitLab Releases

CSIRTS triage

vendor: GitLabproduct: GitLab Community Editionaffected: prior to 19.1.2, 19.0.4 and 18.11.7
What
There are vulnerabilities in GitLab Community and Enterprise Editions.
Who is affected
Users of GitLab CE and EE versions prior to 19.1.2, 19.0.4, and 18.11.7 are affected.
Urgency
Remediation is necessary as vulnerabilities exist, but exploitation status is not confirmed.
Action
Users should upgrade to GitLab versions 19.1.2, 19.0.4, or 18.11.7.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch GitLab Community Edition

Get an email when a new GitLab Community Edition advisory drops — max one per day, one-click unsubscribe.

Details

Source
Canadian Centre for Cyber Security (CA · national-cert · site)
Severity
unknown
Published
2026-07-08
Exploitation
Not in CISA KEV at last sync

Original advisory: https://cyber.gc.ca/en/alerts-advisories/gitlab-security-advisory-av26-677

More from Canadian Centre for Cyber Security