VDB
GCVE-110-CLOUD-2025-0004
GCVE-110-CLOUD-2025-0004
Advisory Published
A remote prompt injection vulnerability in GitLab Duo allowed attackers to steal source code from private projects, manipulate code suggestions, and exfiltrate confidential information. The attack chain involved hidden prompts, HTML injection, and exploitation of Duo's access to private data. GitLab has since patched both the HTML and prompt injection vectors.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| GitLab | Cloud Services | — | — |
Browse GCVE Records
73,393 records in the GCVE database · Updated July 17, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.