CVE-2026-1724
Published: 25 March 2026
Summary
CVE-2026-1724 is a medium-severity Missing Authentication for Critical Function (CWE-306) vulnerability in GitLab EE (vendor: GitLab). Its CVSS base score is 6.8 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Steal Application Access Token (T1528). The CVE is ranked at the 7.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as Other AI Platforms.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): enforces approved access control policies to prevent unauthenticated users from accessing sensitive API tokens on GitLab endpoints.
- AC-14 (Permitted Actions Without Identification or Authentication): defines and restricts the actions allowed without identification or authentication, directly addressing the exposure of API tokens to unauthenticated users.
- Protection of public APIs: implements protections for publicly reachable APIs to prevent unauthorized access to sensitive information such as self-hosted AI model API tokens.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Improper access control on GitLab AI model endpoints directly enables unauthenticated theft of application API tokens (T1528); the network-exposed web vulnerability also maps to public-facing application exploitation (T1190).
NVD Description
GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to access API tokens of self-hosted AI models due to improper access control.
Deeper analysis
CVE-2026-1724 is an improper access control vulnerability (CWE-306) in GitLab Enterprise Edition (EE), affecting all versions from 18.5 prior to 18.8.7, 18.9 prior to 18.9.3, and 18.10 prior to 18.10.1. The flaw allows unauthenticated users to access API tokens associated with self-hosted AI models due to inadequate protections on the relevant endpoints.
An unauthenticated attacker with network access (AV:N) can exploit this vulnerability, though it requires high attack complexity (AC:H) and no user interaction (UI:N). Exploitation changes scope (S:C) and results in high confidentiality impact (C:H) with no integrity or availability effects (I:N/A:N), earning a CVSS v3.1 base score of 6.8. Successful attacks enable the attacker to obtain sensitive API tokens for self-hosted AI models.
GitLab has remediated the issue through patch releases, such as GitLab 18.10.1. Additional details are available in the official patch release notes at https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/, the GitLab work item at https://gitlab.com/gitlab-org/gitlab/-/work_items/588334, and the HackerOne disclosure report at https://hackerone.com/reports/3531412.
This vulnerability highlights risks in deployments using self-hosted AI models within GitLab EE, where exposed API tokens could enable unauthorized access to AI functionalities.
Details
- CWE(s): CWE-306 (Missing Authentication for Critical Function)
- Affected Products: GitLab EE, all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1
AI Security Analysis
- AI Category: Other AI Platforms
- Risk Domain: N/A
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: ai