← volver
CVE-2026-4922

Cross-Site Request Forgery (CSRF) in GitLab

CVSS 8.1 HIGHEPSS 0.2%CWE-352
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute GraphQL mutations on behalf of authenticated users due to insufficient CSRF protection.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Productos afectados
GitLab · GitLab
PoCs públicas encontradas1
cve_referencehackerone.com/reports/3627285no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/https://gitlab.com/gitlab-org/gitlab/-/work_items/594937https://hackerone.com/reports/3627285