Endigest AI Core Summary
GitLab released patch versions 18.10.3, 18.9.5, and 18.8.9 to address critical security vulnerabilities affecting both Community and Enterprise editions.
• Multiple high-severity vulnerabilities including exposed methods in WebSocket connections (CVE-2026-5173, CVSS 8.5) allowing authenticated users to invoke unintended server-side methods
• Denial of Service issues in Terraform state lock API, GraphQL API, and CSV import affecting versions from 11.7 onwards
• Authorization bypass vulnerabilities in vulnerability flags AI detection API, custom role permissions, and Environments API enabling privilege escalation
• Information disclosure vulnerabilities in GraphQL queries, CSV exports, and Code Quality reports exposing sensitive user data
• Cross-site Scripting and Code Injection issues in analytics dashboards and Code Quality reports, plus 12 additional bug fixes including Geo Site synchronization and Git operations regression fixes
This summary was automatically generated by AI based on the original article and may not be fully accurate.