Improper Authorization in GitLab Enterprise Edition and Gitlab Community Edition - CVE-2026-7492
Published: July 8, 2026
GitLab Enterprise Edition
Gitlab Community Edition
Detailed vulnerability description
The vulnerability allows a remote user to determine the existence of a private project.
The vulnerability exists due to improper authorization controls in commit discussion display when accessing cross-project reference pages. A remote user can access crafted cross-project reference pages to determine the existence of a private project.
The advisory text describes the actor as unauthenticated, but the attacker label follows the provided CVSS vector.