Cyber Resilience

CVE-2026-5173

High

Published: 08 April 2026

Published
08 April 2026
Modified
16 April 2026
KEV Added
Patch
CVSS Score v3.1 8.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
EPSS Score 0.0040 31.3th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-5173 is a high-severity Exposed Dangerous Method or Function (CWE-749) vulnerability in Gitlab Gitlab. Its CVSS base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 31.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-5173 is an improper access control vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE), affecting all versions from 16.9.6 prior to 18.8.9, 18.9 prior to 18.9.5, and 18.10 prior to 18.10.3. The flaw enables an authenticated user to invoke unintended server-side methods through WebSocket connections, as disclosed on 2026-04-08.

An attacker requires only a low-privilege authenticated account (PR:L) to exploit this over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Exploitation changes scope (S:C), resulting in high confidentiality impact (C:H) through unauthorized access to sensitive data, low integrity impact (I:L), and no availability impact (A:N), yielding a CVSS v3.1 base score of 8.5. The issue maps to CWE-749 (Exposed Dangerous Method or Function).

GitLab has remediated the vulnerability via patches, including the release of GitLab 18.10.3, as documented in their patch release notes at https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/. Further technical details are available in GitLab work item 588959 at https://gitlab.com/gitlab-org/gitlab/-/work_items/588959. Affected instances should be upgraded to patched versions to prevent exploitation.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to invoke unintended server-side methods through websocket connections due to improper…

more

access control.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The vulnerability in the public-facing GitLab application allows an authenticated low-privilege user to invoke unintended server-side methods via WebSocket, directly enabling exploitation of a public-facing app (T1190) and resulting in scope-changing unauthorized sensitive data access that facilitates privilege escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-9870Same product: Gitlab Gitlab
CVE-2026-0723Same product: Gitlab Gitlab
CVE-2025-2242Same product: Gitlab Gitlab
CVE-2025-9222Same product: Gitlab Gitlab
CVE-2025-0314Same product: Gitlab Gitlab
CVE-2025-13929Same product: Gitlab Gitlab
CVE-2024-7102Same product: Gitlab Gitlab
CVE-2026-0752Same product: Gitlab Gitlab
CVE-2026-3857Same product: Gitlab Gitlab
CVE-2026-2745Same product: Gitlab Gitlab

Affected Assets

gitlab
gitlab
16.9.6 — 18.8.9 · 18.9.0 — 18.9.5 · 18.10.0 — 18.10.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces approved authorizations for logical access, preventing authenticated users from invoking unintended server-side methods through WebSocket connections due to improper access control.

prevent

Limits user privileges to the minimum necessary, reducing the scope and impact of exploitation by low-privilege authenticated accounts accessing sensitive data.

prevent

Requires timely identification, prioritization, and remediation of flaws like this CVE through patching to GitLab versions 18.8.9, 18.9.5, or 18.10.3.

References