GitLab Product Security Update Advisory (CVE-2026-5173)
Security Advisory

GitLab Product Security Update Advisory (CVE-2026-5173)

Overview. A vulnerability (CVE-2026-5173) was reported in the GitLab product that allows server-side method calls due to lack of WebSocket access control. Affected Versions. GitLab CE/EE versions 16.9.6 and above but below 18.8.9 are affected. GitLab CE/EE versions 18.9 and above but below 18.9.5 are affected. GitLab CE/EE versions 18.10

  • Apr 25 2026