LeakyCreds

CVE-2026-2370 - Vulnerability Analysis

High | CVSS: 8.1

Last Updated: March 30, 2026

GitLab CE/EE - Broken Access Control

Published: March 30, 2026 | Updated: March 30, 2026 | Remote Exploitable

Overview

GitLab CE/EE versions >= 14.3 and < 18.8.7, >= 18.9 and < 18.9.3, and >= 18.10 and < 18.10.1 contain a broken access control caused by improper authorization checks in Jira Connect installations. It lets an authenticated user with minimal workspace permissions obtain the installation credentials and impersonate the GitLab app.

Severity & Score

Severity: High
CVSS Score: 8.1
EPSS Score: 0.8% (probability of exploitation in the next 30 days)

Impact

Authenticated users with minimal permissions can obtain credentials and impersonate the GitLab app, risking unauthorized actions and data access.

Mitigation

Update to GitLab CE/EE 18.8.7, 18.9.3, or 18.10.1 (or later) on the corresponding release line.
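The affected ranges above have three separate windows, so a plain "older than 18.10.1" comparison misclassifies 18.8.7 and 18.9.3 (both fixed). The following is an added example, not code from the LeakyCreds page or from GitLab: it encodes the advisory's affected ranges and reports whether an installed version is exposed and which fixed release closes its window. The function names and the sample version strings are assumptions; the version numbers come from the advisory. The `assess_version_payload` helper accepts the JSON shape returned by GitLab's `GET /api/v4/version` endpoint (a dict with a `version` key).

```python
# Added example (not part of the advisory or of GitLab's own tooling).
# Decide whether an installed GitLab CE/EE version falls inside one of the
# affected ranges stated for CVE-2026-2370 and which fixed release closes it.

from typing import Optional, Tuple, List

Version = Tuple[int, ...]

# Affected ranges from the advisory: (first affected, inclusive) -> (first fixed, exclusive).
# 18.8.7 and 18.8.x above it are fixed; 18.9.0-18.9.2 and 18.10.0 reopen the window.
AFFECTED_RANGES: List[Tuple[Version, Version]] = [
    ((14, 3), (18, 8, 7)),
    ((18, 9), (18, 9, 3)),
    ((18, 10), (18, 10, 1)),
]


def parse_version(text: str) -> Version:
    """Parse 'MAJOR.MINOR[.PATCH]' into a tuple, dropping a suffix such as '-ee'."""
    core = text.strip().split("-")[0]
    parts = core.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return tuple(int(p) for p in parts)


def _pad(v: Version, width: int = 3) -> Version:
    """Right-pad with zeros so '18.8' compares as 18.8.0, not as a shorter prefix."""
    return v + (0,) * (width - len(v))


def fixed_release_for(version_text: str) -> Optional[str]:
    """Return the lowest fixed release closing the window the version falls in,
    or None when the version is not in any affected range."""
    v = _pad(parse_version(version_text))
    for lo, hi in AFFECTED_RANGES:
        if _pad(lo) <= v < _pad(hi):
            return ".".join(str(x) for x in hi)
    return None


def is_affected(version_text: str) -> bool:
    """True when the installed version is inside an affected range."""
    return fixed_release_for(version_text) is not None


def assess_version_payload(payload: dict) -> str:
    """Summarise a GET /api/v4/version response ({'version': ..., 'revision': ...})."""
    installed = str(payload.get("version", ""))
    fix = fixed_release_for(installed)
    if fix is None:
        return f"GitLab {installed}: not in an affected range for CVE-2026-2370"
    return f"GitLab {installed}: AFFECTED by CVE-2026-2370, upgrade to {fix} or later"


if __name__ == "__main__":
    # Constructed sample inputs covering both edges of each window.
    for sample in ["14.2.9", "14.3.0", "18.8.6-ee", "18.8.7", "18.8.8",
                   "18.9.2", "18.9.3", "18.10.0", "18.10.1", "18.11.0"]:
        print(assess_version_payload({"version": sample, "revision": "constructed"}))
```

A fleet-wide check would feed each instance's `/api/v4/version` response into `assess_version_payload`; the ranges are kept as data so a follow-up advisory can be added without touching the comparison logic.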

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Mar 30, 2026

🟠 CVE-2026-2370 - High (8.1) GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 affecting Jira Connect installations that could have allowed an authenticated user with minimal workspace p... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2370/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID
CVE-2026-2370
Severity
High
CVSS Score
8.1
Type
broken_access_control
Status
confirmed
EPSS
0.8%
Social Posts
1

CWE

  • CWE-233

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS Score

0.8% (probability of exploitation in the next 30 days)