GitLab has released critical security patches for Community and Enterprise editions to fix twelve vulnerabilities, including a high-severity WebSocket flaw tracked as CVE-2026-5173. Self-managed installations should upgrade immediately to patched versions 18.10.3, 18.9.5, or 18.8.9 to mitigate risks such as unauthorized access, denial-of-service, and data exposure. #GitLab #CVE-2026-5173
Key points
- GitLab fixed twelve vulnerabilities across CE and EE, including the high-severity WebSocket bypass CVE-2026-5173.
- Patched releases are 18.10.3, 18.9.5, and 18.8.9; GitLab.com and GitLab Dedicated users are already protected.
- Several DoS issues were addressed, including flaws in the Terraform state lock API and GraphQL endpoints.
- Medium- and low-severity fixes cover code injection, cross-site scripting, improper authorization, and information disclosure.
- Upgrades do not include new migrations and should avoid downtime for multi-node deployments, though Omnibus packages may stop services unless configured otherwise.
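A quick way for an administrator to confirm whether a self-managed instance is on a patched release is to compare its version against the fixed releases listed above. This is an added example, not code from the article or from GitLab; it assumes that branches newer than 18.10 already contain the fix and that branches older than 18.8 have no patched release and must move to a listed one.

```python
# Added example (not from the article or from GitLab): check whether a
# self-managed GitLab version carries the fixes for CVE-2026-5173 and the
# other eleven issues. Assumption: branches newer than those listed include
# the fix; branches older than 18.8 have no patched release and must upgrade.
from typing import Optional, Tuple

# Patched releases named in the advisory summary, keyed by (major, minor).
PATCHED_RELEASES = {
    (18, 10): (18, 10, 3),
    (18, 9): (18, 9, 5),
    (18, 8): (18, 8, 9),
}


def parse_version(version: str) -> Tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH', tolerating an edition suffix such as '18.9.5-ee'."""
    core = version.strip().split("-")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version string: {version!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def is_patched(version: str) -> bool:
    """True if the version is at or above the fixed release for its branch."""
    major, minor, patch = parse_version(version)
    fixed = PATCHED_RELEASES.get((major, minor))
    if fixed is None:
        # Assumption: newer branches than those listed ship with the fix;
        # older, unlisted branches have no patched release at all.
        return (major, minor) > max(PATCHED_RELEASES)
    return (major, minor, patch) >= fixed


def recommended_upgrade(version: str) -> Optional[str]:
    """Return the patched release to move to, or None if already patched."""
    if is_patched(version):
        return None
    major, minor, _ = parse_version(version)
    # Stay on the same branch where a fix exists; otherwise go to the latest listed release.
    target = PATCHED_RELEASES.get((major, minor)) or PATCHED_RELEASES[max(PATCHED_RELEASES)]
    return ".".join(str(n) for n in target)
```

Feed it the output of `gitlab-rake gitlab:env:info` or the instance's version endpoint to get an immediate answer for a fleet of instances.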
Read More: https://thecyberexpress.com/gitlab-security-update-cve-2026-5173/