VDB

CVE-2026-12635

CVE-2026-12635 PUBLISHED

Reported by GitLab · Published June 25, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to make requests to internal network resources through mirror synchronization due to improper URL validation.

Affected Products

VendorProductVersions
GitLabGitLab8.3, 19.0, 19.1
GitLabGitLab8.3, 19.0, 19.1

Timeline

  • Jun 25, 2026 EPSS Score
  • Jun 25, 2026 Coalition ESS Score
  • Jun 25, 2026 CVE Published
  • Jun 29, 2026 Security Advisory

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›