Ghostwire

CVE-2026-2900: GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.9.7, 18.10 before 18.10.6, and...

LOW CVSS 2.7 Exploit Available 5 PoC

Published: May 14, 2026 | Last Modified: May 14, 2026

Description

GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that when instance-level approval rule editing prevention was enabled, could have allowed an authenticated user with Maintainer permissions to modify or delete project approval rules due to missing authorization checks.

Ghostwire Analysis — What This Means Practically

5 proof-of-concept exploits available on GitHub. Public exploit code lowers the barrier for both researchers and attackers.
3 articles from independent security sources have covered this vulnerability, indicating significant industry attention.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

CVE-2026-2900: GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.9.7, 18.10 before 18.10.6, and...

Description

Ghostwire Analysis — What This Means Practically

Proof-of-Concept Exploits (5)

Security Coverage (3 articles)

References