GitLab Product Security Update Advisory

Jan 26 2026

Overview

We have released security updates to fix vulnerabilities in GitLab products. Users of affected products are advised to update to the latest version.

Affected Products

CVE-2025-13927

GitLab CE/EE Versions: 11.9 and above but below 18.6.4
GitLab CE/EE Versions: 18.7 and above but below 18.7.2
GitLab CE/EE versions: 18.8 and above but below 18.8.2

CVE-2025-13928

GitLab CE/EE Version: 17.7 or later but not earlier than 18.6.4
GitLab CE/EE version: 18.7 or later but not earlier than 18.7.2
GitLab CE/EE versions: 18.8 and above but below 18.8.2

Resolved Vulnerabilities

Denial of service vulnerability in the Jira Connect integration in GitLab CE/EE (CVE-2025-13927)
Improper authorization validation vulnerability in the Releases API in GitLab CE/EE (CVE-2025-13928)

Vulnerability Patches

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2025-13927, CVE-2025-13928

GitLab CE/EE version: 18.6.4
GitLab CE/EE version: 18.7.2
GitLab CE/EE version: 18.8.2

References

[1] GitLab Patch Release: 18.8.2, 18.7.2, 18.6.4
https://about.gitlab.com/releases/2026/01/21/patch-release-gitlab-18-8-2-released/

GitLab Product Security Update Advisory

Cisco Family Security Update Advisory (CVE-2026-20045)

Microsoft Edge browser (144.0.3719.92) version security update advisory

Tags:

Cisco Family Security Update Advisory (CVE-2026-20045)

Microsoft Edge browser (144.0.3719.92) version security update advisory