On 8 January 2026, the French Cybersecurity Agency (CERT-FR) issued a security alert describing several vulnerabilities in GitLab. The vulnerabilities affect GitLab Community Edition (CE) and Enterprise Edition (EE) versions 18.6.x before 18.6.3, 18.7.x before 18.7.1, and all releases before 18.5.5. Attackers could exploit the bugs to cause a remote denial of service, compromise data confidentiality, or carry out indirect remote code injection (XSS). The alert references multiple CVE identifiers (CVE-2025-10569, CVE-2025-11246, CVE-2025-13761, CVE-2025-13772, CVE-2025-13781, CVE-2025-3950, CVE-2025-64720, CVE-2025-65018, CVE-2025-9222). Users are advised to consult GitLab's 7 January 2026 security bulletin, which includes patches and guidance for affected users. The vulnerabilities were discovered by GitLab's security team and reported to CERT-FR.
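To triage an inventory against the affected ranges stated above, the following added example (not code from CERT-FR or GitLab) classifies GitLab version strings. The function names, hostnames and sample versions are assumptions constructed for illustration; only the version boundaries come from the text.

```python
import re

# Fixed release per branch, taken from the summary above:
# 18.5.x is fixed at 18.5.5, 18.6.x at 18.6.3, 18.7.x at 18.7.1.
FIXED = {(18, 5): 5, (18, 6): 3, (18, 7): 1}
OLDEST_FIXED = (18, 5, 5)  # every release older than this is affected

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$")


def parse_version(text):
    """Parse '18.6.2', 'v18.6.2' or '18.6.2-ee' into (major, minor, patch)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return tuple(int(p) for p in m.groups())


def is_affected(text):
    """True if the version falls in a range the summary lists as affected."""
    major, minor, patch = parse_version(text)
    if (major, minor) in FIXED:
        return patch < FIXED[(major, minor)]
    # Other branches: affected only if older than 18.5.5.
    # Branches newer than 18.7 are not mentioned in the summary.
    return (major, minor, patch) < OLDEST_FIXED


def triage(inventory):
    """Map each host to 'affected', 'ok' or 'unparseable'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "ok"
        except ValueError:
            # Surface for manual review; never assume an unknown string is safe.
            result[host] = "unparseable"
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "gitlab-a.example.internal": "18.6.2-ee",
    "gitlab-b.example.internal": "18.7.1",
    "gitlab-c.example.internal": "18.5.5",
    "gitlab-d.example.internal": "17.11.4",
    "gitlab-e.example.internal": "18.7",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:28} {SAMPLE[host]:10} {status}")
```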
Summary of content from
https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0014/
Made by AI. If you spot anything of concern write us at contact@cybach.com. We’ll promptly correct irregularities.