Platform: gitlab
Component: gitlab-jira-connect
Fixed in: 18.8.7, 18.9.3, 18.10.1
CVE-2026-2370 is an authorization bypass vulnerability in GitLab's Jira Connect integration. It allows an authenticated user with only limited workspace permissions to extract the integration's installation credentials, which could then be used to impersonate the GitLab application. Affected versions are GitLab CE/EE from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1. Fixed releases are 18.8.7, 18.9.3 and 18.10.1.
The primary impact of CVE-2026-2370 is unauthorized access and data compromise. An attacker who obtains the installation credentials can read sensitive information held in the GitLab instance, particularly data related to the Jira integration, and can impersonate the GitLab application, which may open a path to lateral movement and to other systems connected through the integration. The consequences range from data breaches to system disruption and reputational damage. Because the leaked credentials belong to the application rather than to the user, they materially widen the attack surface: any service that trusts the GitLab Jira Connect integration may be exposed.
CVE-2026-2370 was publicly disclosed on 2026-03-29. As of this date, there are no publicly available proof-of-concept exploits. The EPSS score is currently pending evaluation. It is not listed on the CISA KEV catalog. Active exploitation is not currently confirmed, but the ease of exploitation, once a PoC is available, warrants immediate attention.
Exploit Status
EPSS: 0.01% (1st percentile)
CISA SSVC:
CVSS Vector:
The recommended mitigation for CVE-2026-2370 is to upgrade GitLab to a fixed release immediately (18.8.7, 18.9.3 or 18.10.1, or any later version). If upgrading is not immediately feasible, restrict user permissions within Jira Connect workspaces to limit what a successful attack could reach, review existing Jira Connect configurations, and audit who holds access rights. A WAF rule is unlikely to be effective against an authorization flaw of this kind; stricter authentication and authorization policies within GitLab are the more useful compensating control. After upgrading, confirm the fix by verifying that users with minimal workspace permissions can no longer retrieve the installation credentials.
Update GitLab to version 18.8.7, 18.9.3 or 18.10.1, or a later version. These releases correct the improper parameter handling in Jira Connect installations that makes the bypass possible.
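The first step of the mitigation above is knowing whether an instance sits inside one of the three affected ranges, which is easy to get wrong by eye when the fixed versions differ per branch. The following script is an added example, not part of the advisory or of GitLab's own tooling: it encodes the affected ranges exactly as the advisory states them, classifies a version string, and names the fixed release on the same branch. The `check_version_response` helper assumes the JSON shape of GitLab's `GET /api/v4/version` endpoint (a `version` field); the sample responses are constructed for illustration.

```python
"""Classify a GitLab version against the ranges affected by CVE-2026-2370.

Affected (per the advisory):
  14.3  <= v < 18.8.7
  18.9  <= v < 18.9.3
  18.10 <= v < 18.10.1
"""
import json
import re

# (inclusive lower bound, exclusive upper bound) as (major, minor, patch)
AFFECTED_RANGES = [
    ((14, 3, 0), (18, 8, 7)),
    ((18, 9, 0), (18, 9, 3)),
    ((18, 10, 0), (18, 10, 1)),
]

# Fixed release for each maintained branch; older branches must move to 18.8.7+
FIXED_BY_BRANCH = {
    (18, 10): "18.10.1",
    (18, 9): "18.9.3",
}
FIXED_FALLBACK = "18.8.7"


def parse_version(text):
    """Turn strings like '18.8.6-ee', 'v18.9' or '18.10.0' into (major, minor, patch)."""
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_affected(version):
    """True if the version lies inside any affected range."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def minimum_fixed_version(version):
    """Smallest fixed release on the instance's branch, or None if not affected."""
    if not is_affected(version):
        return None
    branch = parse_version(version)[:2]
    return FIXED_BY_BRANCH.get(branch, FIXED_FALLBACK)


def check_version_response(body):
    """Parse a GET /api/v4/version body (assumed shape: {"version": ...})
    and return (reported version, affected?, fixed release or None)."""
    version = json.loads(body)["version"]
    return (version, is_affected(version), minimum_fixed_version(version))


if __name__ == "__main__":
    # Constructed sample responses, not real instances
    samples = [
        '{"version": "18.8.6-ee", "revision": "deadbeef"}',
        '{"version": "18.9.3-ee", "revision": "deadbeef"}',
        '{"version": "18.10.0", "revision": "deadbeef"}',
        '{"version": "14.2.9", "revision": "deadbeef"}',
    ]
    for body in samples:
        version, affected, fix = check_version_response(body)
        status = f"AFFECTED, upgrade to {fix} or later" if affected else "not affected"
        print(f"{version:12} -> {status}")
```

Versions below 14.3 are reported as not affected, as the advisory states; versions on branches older than 18.8 are directed to 18.8.7 because that is the lowest fixed release named on the page.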
CVE-2026-2370 is a HIGH severity authorization bypass vulnerability in GitLab Jira Connect affecting GitLab versions from 14.3 up to the fixed releases 18.8.7, 18.9.3 and 18.10.1. It allows unauthorized access to the integration's installation credentials.
You are affected if you are running GitLab CE/EE versions from 14.3 before 18.8.7, 18.9 before 18.9.3, or 18.10 before 18.10.1 with Jira Connect installed.
Upgrade GitLab to 18.8.7, 18.9.3 or 18.10.1 (or later) to resolve the vulnerability. Restrict user permissions in Jira Connect workspaces as a temporary workaround.
Active exploitation is not currently confirmed, but the vulnerability's nature makes it a potential target.
Refer to the official GitLab security advisory for CVE-2026-2370 on the GitLab website.