GitLab is a web-based Git repository manager with wiki and issue-tracking features. GitLab is similar to GitHub, but GitLab has an open-source version, unlike GitHub.

GitLab

NixOS is a Linux distribution built on top of the Nix package manager. It is completely declarative, its system configurations are reproducible, makes configuration changes reliable and atomic, and eliminates configuration drift.

NixOS

GitLab Enterprise is a self-hosted, scalable, and secure platform that provides DevOps and CI/CD capabilities for software development teams. It offers advanced features, integrations, and support for organizations requiring enhanced collaboration and security. GitLab Enterprise is available in two tiers: Premium and Ultimate.

Gitlab Enterprise

An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an authenticated user to cause denial of service by exploiting a Bitbucket Server import endpoint via repeatedly sending large responses.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-2370	HIGH	8.8	GitLab	gitlab	No	Yes	Mar 30, 2026
CVE-2026-3857	HIGH	8.8	GitLab	cpe:2.3:a:gitlab:gitlab	No	Yes	Mar 25, 2026
CVE-2026-3988	HIGH	7.5	GitLab	cpe:2.3:a:gitlab:gitlab:::::community:::*	No	Yes	Mar 25, 2026
CVE-2026-2995	MEDIUM	5.4	GitLab	gitlab	No	Yes	Mar 25, 2026
CVE-2026-2973	MEDIUM	5.4	GitLab	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*	No	Yes	Mar 25, 2026

CVE-2026-2845:
GitLab vulnerability analysis and mitigation

6.5

Related GitLab vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2026-2845: GitLab vulnerability analysis and mitigation