Platform
gitlab
Component
gitlab
Fixed in
18.8.7
18.9.3
18.10.1
CVE-2026-1724 describes an improper access control vulnerability in GitLab EE that allows unauthenticated users to potentially read the API tokens GitLab stores for self-hosted AI models. Anyone who obtains those tokens can use them against the configured model endpoints. The vulnerability affects GitLab EE from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1; fixes are available in 18.8.7, 18.9.3 and 18.10.1.
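As an added example (not from the GitLab advisory or this page), a small Python check that decides whether a reported GitLab version falls inside the affected ranges. The ranges are derived from the three fixed versions listed above; the assumptions that branches 18.5 to 18.7 received no patched release and that 18.11 and later ship the fix are mine, not the advisory's.

```python
import json
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# First affected release named in the advisory.
FIRST_AFFECTED: Version = (18, 5, 0)

# Patched release on each branch that received a fix ("Fixed in" list above).
# Assumption: branches 18.5-18.7 got no backport and stay affected at every
# patch level; branches after 18.10 ship the fix from their first release.
FIXED_ON_BRANCH = {
    (18, 8): (18, 8, 7),
    (18, 9): (18, 9, 3),
    (18, 10): (18, 10, 1),
}
LAST_UNPATCHED_BRANCH = (18, 7)


def parse_version(text: str) -> Optional[Version]:
    """Parse 'MAJOR.MINOR.PATCH' with an optional suffix such as '-ee'."""
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(version_text: str) -> bool:
    """True when the given GitLab version is inside an affected range."""
    v = parse_version(version_text)
    if v is None:
        raise ValueError(f"unparseable GitLab version: {version_text!r}")
    if v < FIRST_AFFECTED:
        return False
    branch = (v[0], v[1])
    if branch in FIXED_ON_BRANCH:
        return v < FIXED_ON_BRANCH[branch]
    # No fix on this branch: affected if it predates the first fixed branch.
    return branch <= LAST_UNPATCHED_BRANCH


def affected_from_version_api(body: str) -> bool:
    """Evaluate the JSON body returned by GET /api/v4/version (authenticated)."""
    return is_affected(json.loads(body)["version"])


if __name__ == "__main__":
    for candidate in ("18.6.2-ee", "18.9.2-ee", "18.9.3-ee", "18.10.1", "18.11.0"):
        print(candidate, "affected" if is_affected(candidate) else "not affected")
```

On an Omnibus install the running version is also printed by `sudo gitlab-rake gitlab:env:info`; paste the `GitLab information` version line into `is_affected` if you cannot reach the API.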
Successful exploitation of CVE-2026-1724 gives an attacker the API tokens GitLab uses to talk to its self-hosted AI models. Whoever holds those tokens can call the underlying model endpoints as if they were the GitLab instance. The impact depends on what those endpoints accept and on the permissions bound to the tokens: it could range from data exfiltration and model manipulation to denial of service through exhausted quota or capacity. The flaw does not yield remote code execution on GitLab itself, but token theft is a significant risk where the models process sensitive repository or pipeline data or perform critical operations. The blast radius is bounded by the GitLab instance and the AI model endpoints its tokens reach, and the tokens should be treated as compromised and rotated once a vulnerable instance has been exposed.
CVE-2026-1724 was publicly disclosed on March 25, 2026. There is currently no indication of active exploitation in the wild, and no public proof-of-concept (PoC) code has been released. The vulnerability is not listed in the CISA KEV catalog. Given the absence of public exploit code, the medium severity rating and the very low EPSS score, the probability of exploitation is considered low to medium; note that unauthenticated reachability means this can change quickly once details of the affected endpoint circulate.
Organizations that rely on GitLab's self-hosted AI models for critical business processes are particularly at risk. This includes companies whose CI/CD pipelines use AI-powered features and those that integrate the models directly into their applications. Because the flaw is reachable without authentication, any vulnerable instance whose web or API endpoints can be reached by untrusted clients (internet-facing instances above all) is exposed regardless of how user-level access controls are configured.
• gitlab: Examine GitLab's API and audit logs (on Omnibus installs `/var/log/gitlab/gitlab-rails/api_json.log` and `audit_json.log`) for successful unauthenticated requests to routes that touch the self-hosted model configuration, and for token usage from unexpected IP addresses or user agents. The advisory does not name the vulnerable endpoint, so start from anonymous requests that received a 2xx response; `sudo gitlab-ctl tail gitlab-rails` streams the same logs live.
``grep '"username":null' /var/log/gitlab/gitlab-rails/api_json.log | grep '"status":200'``
• gitlab: Review GitLab's access control settings for AI model API endpoints. Ensure that only authorized users and services have access.
• generic web: Monitor network traffic to GitLab instances for unauthorized API requests. Use a WAF to block suspicious requests.
• generic web: Check GitLab's error logs for any access denied errors related to AI model API endpoints.
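The log review described in the bullets above, written out as an added Python example (not code from GitLab or from this page). It parses lines in the one-JSON-object-per-line shape of GitLab's api_json.log and flags anonymous requests that reached an AI-related route and succeeded. The sample log lines are constructed; the `/api/v4/ai/self_hosted_models` path, the `getSelfHostedModels` GraphQL operation name and the `AI_TERMS` pattern are placeholders of mine, because the advisory does not identify the vulnerable endpoint.

```python
import json
import re
from collections import Counter
from typing import Dict, Iterable, List

# Constructed sample in the one-JSON-object-per-line shape of GitLab's
# api_json.log. The AI endpoint path and the GraphQL operation name are
# placeholders: the advisory does not name the vulnerable endpoint.
SAMPLE_LOG = """\
{"time":"2026-03-26T09:12:01.000Z","status":200,"method":"GET","path":"/api/v4/projects","remote_ip":"10.0.0.5","ua":"curl/8.4.0","user_id":12,"username":"alice"}
{"time":"2026-03-26T09:13:10.000Z","status":200,"method":"GET","path":"/api/v4/ai/self_hosted_models","remote_ip":"203.0.113.9","ua":"python-requests/2.31","user_id":null,"username":null}
{"time":"2026-03-26T09:13:12.000Z","status":401,"method":"GET","path":"/api/v4/ai/self_hosted_models","remote_ip":"203.0.113.9","ua":"python-requests/2.31","user_id":null,"username":null}
{"time":"2026-03-26T09:14:00.000Z","status":200,"method":"GET","path":"/api/v4/ai/self_hosted_models","remote_ip":"10.0.0.7","ua":"Mozilla/5.0","user_id":3,"username":"admin"}
{"time":"2026-03-26T09:15:30.000Z","status":200,"method":"POST","path":"/api/graphql","params":[{"key":"operationName","value":"getSelfHostedModels"}],"remote_ip":"203.0.113.9","ua":"python-requests/2.31","user_id":null,"username":null}
"""

# Terms that mark a request as touching the self-hosted model configuration.
# Assumption: tune this to the route names you see in your own instance's logs.
AI_TERMS = re.compile(r"self[_-]?hosted|/ai/|duo", re.IGNORECASE)


def is_unauthenticated_ai_success(entry: Dict) -> bool:
    """True when an anonymous request touched an AI-related route and got 2xx."""
    anonymous = not entry.get("username") and entry.get("user_id") is None
    # Search both the path and the logged params so GraphQL operations count too.
    searched = entry.get("path", "") + json.dumps(entry.get("params", []))
    ai_related = AI_TERMS.search(searched) is not None
    succeeded = 200 <= int(entry.get("status", 0)) < 300
    return anonymous and ai_related and succeeded


def scan_lines(lines: Iterable[str]) -> List[Dict]:
    """Return the log entries that match the unauthenticated-AI-access pattern."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip partial or rotated lines rather than abort the scan
        if is_unauthenticated_ai_success(entry):
            findings.append(entry)
    return findings


def scan_text(text: str) -> List[Dict]:
    return scan_lines(text.splitlines())


def by_source(findings: List[Dict]) -> Dict[str, int]:
    """Count hits per remote_ip so repeat offenders stand out."""
    return dict(Counter(f.get("remote_ip", "?") for f in findings))


if __name__ == "__main__":
    hits = scan_text(SAMPLE_LOG)
    for h in hits:
        print(h["time"], h["remote_ip"], h["method"], h["path"], h.get("ua"))
    print("per source:", by_source(hits))
```

Run it over a real file with `scan_lines(open("/var/log/gitlab/gitlab-rails/api_json.log"))`. A hit is evidence to investigate, not proof of exploitation: confirm that the route really should require authentication, check whether the same source also produced 401s shortly before (scanning behaviour, as in the constructed sample), and compare the timestamps with when the instance was upgraded to a fixed version.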
disclosure
Exploit Status
EPSS
0.03% (7th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-1724 is to upgrade GitLab EE to the fixed release for the branch you run: 18.8.7, 18.9.3 or 18.10.1, or any later version. These releases contain the access control fix that stops unauthorized token access. If an immediate upgrade is not feasible, restrict who can reach the AI model API endpoints using GitLab's built-in access control mechanisms and, where possible, network-level controls in front of the instance, enforce stricter authentication and authorization policies for all API requests, and monitor the logs for suspicious token usage. Because the tokens may already have been read from an exposed instance, rotate the self-hosted model API tokens after patching. Confirm the fix by requesting the AI model API endpoints without credentials and verifying that the instance denies the request (a 401 or 403 rather than a 2xx).
Update GitLab to version 18.8.7, 18.9.3 or 18.10.1, or to a later version that contains the fix for this vulnerability. This prevents unauthenticated users from gaining access to the API tokens of self-hosted AI models.
CVE-2026-1724 is a medium-severity vulnerability in GitLab EE allowing unauthenticated users to access API tokens for self-hosted AI models due to improper access controls.
You are affected if you are running GitLab EE 18.5 before 18.8.7, 18.9 before 18.9.3, or 18.10 before 18.10.1.
Upgrade GitLab EE to 18.8.7, 18.9.3 or 18.10.1 (or later) for the branch you run. Until then, review and restrict access to the AI model API endpoints, and rotate the self-hosted model tokens after patching.
There is currently no indication of active exploitation in the wild or publicly available proof-of-concept code.
Refer to the official GitLab security advisory for CVE-2026-1724 on the GitLab website.