{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1516", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2026-01-28T05:03:57.410Z", "datePublished": "2026-04-08T22:25:57.848Z", "dateUpdated": "2026-04-08T22:25:57.848Z"}, "containers": {"cna": {"title": "Improper Control of Generation of Code ('Code Injection') in GitLab", "descriptions": [{"lang": "en", "value": "GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that in Code Quality reports could have allowed an authenticated user to leak IP addresses of users viewing the report via specially crafted content."}], "affected": [{"vendor": "GitLab", "product": "GitLab", "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "versions": [{"version": "18.0.0", "status": "affected", "lessThan": "18.8.9", "versionType": "semver"}, {"version": "18.9", "status": "affected", "lessThan": "18.9.5", "versionType": "semver"}, {"version": "18.10", "status": "affected", "lessThan": "18.10.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')", "cweId": "CWE-94", "type": "CWE"}]}], "references": [{"url": "https://hackerone.com/reports/3514461", "name": "HackerOne Bug Bounty Report #3514461", "tags": ["technical-description", "exploit", "permissions-required"]}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/587893"}, {"url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM"}}], "solutions": [{"lang": "en", "value": "Upgrade to versions 18.8.9, 18.9.5, 18.10.3 or above."}], "credits": [{"lang": "en", "value": "Thanks [maksyche](https://hackerone.com/maksyche) for reporting this vulnerability through our HackerOne bug bounty program", "type": "finder"}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2026-04-08T22:25:57.848Z"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that in Code Quality reports could have allowed an authenticated user to leak IP addresses of users viewing the report via specially crafted content."}], "id": "CVE-2026-1516", "lastModified": "2026-04-08T23:16:57.920", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "cve@gitlab.com", "type": "Secondary"}]}, "published": "2026-04-08T23:16:57.920", "references": [{"source": "cve@gitlab.com", "url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/"}, {"source": "cve@gitlab.com", "url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/587893"}, {"source": "cve@gitlab.com", "url": "https://hackerone.com/reports/3514461"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "cve@gitlab.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[18.0.0,18.8.9)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[18.9,18.9.5)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[18.10,18.10.3)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "GitLab", "source": "cna", "vendor": "GitLab"}, "product": "gitlab", "vendor": "gitlab"}], "analysis": {"en": {"generated_at": "2026-04-08T23:22:35.005864+00:00", "value": {"mitigation_remediation": ["Apply the vendor patch to upgrade to GitLab EE version 18.8.9, 18.9.5, 18.10.3, or any later release.", "Verify that all GitLab Enterprise Edition instances are running one of the fixed versions and have no older vulnerable releases in use."], "summary": {"action": "Immediate Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "All GitLab Enterprise Edition releases before version 18.8.9, before 18.9.5, and before 18.10.3 are affected. The issue applies to the standard GitLab EE code base and would be present in any installation of those milestone releases that has enabled the code quality report feature.", "description_and_impact": "GitLab Enterprise Edition reports for code quality could include malicious content that causes the system to transparently share the IP addresses of users who view those reports. The defect is a flaw in how the software generates report code, allowing an attacker with legitimate access to inject code designed to expose client network details. Because the exposed information is not otherwise protected, an attacker can learn the geographic location or network topology of users, which may facilitate future targeting or privacy violations.", "risk_and_exploitability": "The vulnerability is assigned a CVSS score of 5.7, indicating medium severity. No EPSS score is available, and the issue is not listed in the CISA Known Exploited Vulnerabilities catalog. Exploitation requires an authenticated user at least able to submit or edit code quality reports, so it is most relevant to insiders or compromised accounts. While no public exploit has been disclosed, the potential for IP leakage and the ease of creating a malicious report make the threat real. The vendor\u2019s patch removes the code injection vector, eliminating the risk from properly updated systems."}}}}, "created": "2026-04-09T08:16:10.588922+00:00", "updated": "2026-04-09T08:25:36.490394+00:00", "vendors": ["gitlab", "gitlab$PRODUCT$gitlab"]}