CVE-2026-7471
Server-Side Request Forgery (SSRF) in GitLab
3.5
LOW
CVSS 3.1
EPSS 0.01%
Description
GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with control of a virtual registry upstream to make requests to internal hosts due to improper validation.
How to fix CVE-2026-7471
To remediate CVE-2026-7471, upgrade the affected package to a fixed version below.
- —upgrade to 18.9.7 or later
Is CVE-2026-7471 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 18.8.0, < 18.9.7, >= 18.10.0, < 18.10.6, >= 18.11.0, < 18.11.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | LOW3.5 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N |