Insufficient Session Expiration in GitLab Community Edition and GitLab Enterprise Edition - CVE-2026-6515

 


Published: May 18, 2026


Vulnerability identifier: #VU131659
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-6515
CWE-ID: CWE-613
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: GitLab, Inc
Affected software:
GitLab Community Edition
GitLab Enterprise Edition

Detailed vulnerability description

The vulnerability allows a remote user to access Virtual Registries with invalidated or incorrectly scoped credentials.

The vulnerability exists due to insufficient session expiration in virtual registry credentials validation under certain conditions. A remote user can use invalidated or incorrectly scoped credentials to access Virtual Registries.


How to mitigate CVE-2026-6515

Install the security update from the vendor's website.

Sources