Platform: gitlab
Component: gitlab
Fixed in: 18.8.9, 18.9.5, 18.10.3
CVE-2026-1516 is an information disclosure vulnerability affecting GitLab Enterprise Edition (EE). An authenticated user can potentially leak the IP addresses of other users viewing specially crafted Code Quality reports. This vulnerability impacts versions 18.0.0 through 18.10.3 and has been resolved in version 18.10.3.
The primary impact of CVE-2026-1516 is the potential exposure of user IP addresses. While seemingly minor, this information can be leveraged for reconnaissance purposes. An attacker could use the leaked IP addresses to identify internal network infrastructure, map out user locations, or potentially target specific users with further attacks. This vulnerability doesn't grant direct access to systems or data but provides valuable information for planning more sophisticated attacks. The ability to correlate IP addresses with user accounts within GitLab could also facilitate social engineering attempts.
CVE-2026-1516 was publicly disclosed on 2026-04-08. There is currently no indication of active exploitation or a public proof-of-concept. The vulnerability is not listed on the CISA KEV catalog. The relatively low CVSS score suggests a low probability of exploitation, but the potential for reconnaissance makes it important to address.
Organizations using GitLab Enterprise Edition (EE) with versions between 18.0.0 and 18.10.3 are at risk. Teams relying heavily on Code Quality reports for security assessments are particularly vulnerable, as are those with less stringent access controls to these reports.
• gitlab / server:
  # Check GitLab version
  gitlab-ctl version
• gitlab / logs:
  # Monitor Code Quality report generation logs for unusual activity
  grep -i 'code quality report' /var/log/gitlab/gitlab-rails/production.log
• generic web:
  # Check for exposed Code Quality endpoints
  curl -I https://<gitlab_url>/api/v4/quality_reports
disclosure
Exploit status:
EPSS: 0.04% (14th percentile)
CISA SSVC:
CVSS vector:
The primary mitigation for CVE-2026-1516 is to upgrade GitLab EE to version 18.10.3 or later. If an immediate upgrade is not feasible, consider restricting access to Code Quality reports to a limited group of users. Review Code Quality report configurations to ensure no malicious content is being introduced. Monitor GitLab logs for unusual activity related to Code Quality report generation and viewing. After upgrading, confirm the fix by generating and viewing a Code Quality report, verifying that IP addresses are not exposed.
Update GitLab to version 18.8.9 or later, 18.9.5 or later, or 18.10.3 or later to mitigate the vulnerability. This update fixes an issue that allowed the disclosure of IP addresses of users viewing Code Quality reports.
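As an added helper for fleet triage (not part of the advisory or of GitLab's own tooling), the script below maps an installed version string to the fixed release for its branch, using the "Fixed in" list above. It assumes that a fixed release is itself clean, that 18.x branches without a listed backport should move to 18.10.3, that Community Edition (a "-ce" suffix) is out of scope, and that the sample input lines are constructed rather than real `gitlab-ctl version` output.

```python
import re
from typing import Optional, Tuple

# Fixed releases from the advisory: first clean patch release per 18.x branch.
FIXED_IN = {(18, 8): (18, 8, 9), (18, 9): (18, 9, 5), (18, 10): (18, 10, 3)}
FIRST_AFFECTED = (18, 0, 0)   # advisory: affected from 18.0.0
LATEST_FIX = (18, 10, 3)      # advisory: affected through 18.10.3


def parse_version(text: str) -> Tuple[Tuple[int, int, int], str]:
    """Pull MAJOR.MINOR.PATCH and an optional -ee/-ce suffix out of free text.

    The edition defaults to "ee" when no suffix is present (assumption).
    """
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(?:-(ee|ce))?", text, re.IGNORECASE)
    if not m:
        raise ValueError(f"no GitLab version found in {text!r}")
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    edition = (m.group(4) or "ee").lower()
    return version, edition


def assess(version_text: str) -> Tuple[bool, Optional[str]]:
    """Return (affected, recommended_target_version).

    Affected means: Enterprise Edition, >= 18.0.0, and on its branch older
    than the listed fixed release. Branches with no listed fix (18.0-18.7)
    are pointed at the newest fixed release, 18.10.3.
    """
    version, edition = parse_version(version_text)
    if edition == "ce":
        return False, None
    if version < FIRST_AFFECTED or version > LATEST_FIX:
        return False, None
    fixed = FIXED_IN.get(version[:2])
    if fixed is None:
        return True, "%d.%d.%d" % LATEST_FIX
    if version >= fixed:
        return False, None
    return True, "%d.%d.%d" % fixed


if __name__ == "__main__":
    # Constructed sample inputs, one per host, as a fleet inventory might hold them.
    for host, banner in [("git-a", "18.9.2-ee"), ("git-b", "18.8.9-ee"),
                         ("git-c", "18.3.1-ee"), ("git-d", "18.9.2-ce")]:
        affected, target = assess(banner)
        print(f"{host}: {banner} -> affected={affected} upgrade_to={target}")
```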
CVE-2026-1516 is a vulnerability in GitLab EE where a crafted Code Quality report can leak IP addresses of users viewing it, impacting user privacy.
You are affected if you are using GitLab EE versions 18.0.0 through 18.10.3. Upgrade to 18.10.3 or later to mitigate the risk.
Upgrade GitLab EE to version 18.10.3 or later. Consider restricting access to Code Quality reports as a temporary workaround.
There is currently no indication of active exploitation or a public proof-of-concept for CVE-2026-1516.
Refer to the official GitLab security advisory for CVE-2026-1516: [https://gitlab.com/security/advisories/CVE-2026-1516](https://gitlab.com/security/advisories/CVE-2026-1516)