CVE-2026-12053
Insertion of Sensitive Information into Log File in GitLab
Description
GitLab has remediated an issue in GitLab EE affecting all versions from 19.1 before 19.1.1 that under certain conditions could have allowed a user to access sensitive information that had already been committed to a project, due to insufficient output filtering in Duo Workflows.
In plain language
GitLab could have leaked sensitive information from already-published project content into logs, and you should update if you’re on a vulnerable GitLab version.
In GitLab EE versions before 19.1.1, insufficient filtering in Duo Workflows could cause sensitive information that was already committed to a project to be inserted into log files (network-accessible, no authentication required per the finding).
What to do now
- Check your GitLab edition and version to determine whether you are running an affected GitLab EE release (19.1 before 19.1.1).
- If you’re below 19.1.1, plan an upgrade immediately.
- Upgrade GitLab to 19.1.1 or above.
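The version check in the steps above is easy to get wrong by hand (two-component strings such as "19.1", the "-ee"/"-ce" edition suffix, and "19.10" sorting after "19.1.1"). The following is an added example, not code from GitLab or from this advisory, that encodes the affected range stated in the description ("from 19.1 before 19.1.1", GitLab EE only) and evaluates a version string against it. The function names and the assumption that an edition suffix, when present, looks like "-ee" or "-ce" are mine; a version string with no suffix is treated conservatively as EE.

```python
"""Added example (not from the advisory or GitLab): decide whether a GitLab
version string falls in the affected range for this issue."""
import re
from typing import Tuple

# Affected range taken from the advisory text: versions >= 19.1 and < 19.1.1.
AFFECTED_FROM = (19, 1, 0)
FIXED_IN = (19, 1, 1)

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(version: str) -> Tuple[int, int, int]:
    """Parse '19.1', '19.1.0-ee', 'v19.1.1' into (major, minor, patch).

    A missing patch component is treated as 0, so '19.1' == '19.1.0'.
    Tuples compare element-wise, so (19, 10, 0) > (19, 1, 1) as intended.
    """
    m = _VERSION_RE.match(version)
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {version!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def edition_of(version: str) -> str:
    """Return 'ee', 'ce', or 'unknown' based on an assumed '-ee'/'-ce' suffix."""
    v = version.strip().lower()
    if v.endswith("-ee"):
        return "ee"
    if v.endswith("-ce"):
        return "ce"
    return "unknown"


def is_affected(version: str) -> bool:
    """True when the version is (or may be) GitLab EE and lies in [19.1, 19.1.1)."""
    if edition_of(version) == "ce":
        return False  # the advisory scopes the issue to GitLab EE
    # Unknown edition is treated as EE so that a missing suffix never hides exposure.
    return AFFECTED_FROM <= parse_version(version) < FIXED_IN


def recommendation(version: str) -> str:
    """Plain-language next step for an operator, mirroring the advisory's guidance."""
    if is_affected(version):
        return f"{version}: affected, upgrade to 19.1.1 or later"
    return f"{version}: not in the affected range for this issue"


if __name__ == "__main__":
    # Constructed sample inputs, not real installations.
    for sample in ("19.1.0-ee", "19.1", "19.1.1-ee", "19.0.5-ee", "19.10.0-ee", "19.1.0-ce"):
        print(recommendation(sample))
```

Run it against the version string your instance reports; only 19.1.0 builds of GitLab EE (including a bare "19.1" with no patch component) fall inside the range, and the comparison is done on integer tuples rather than strings so that 19.10.x is correctly ordered after 19.1.1.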
CVSS Vector Breakdown
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Changed (C)
- Confidentiality (C): High (H)
- Integrity (I): None (N)
- Availability (A): None (N)
References
- The Hacker News: Weekly Recap: Linux Kernel Flaws, AI Malware Tricks, Turla Backdoor, Infostealers and More
- SecurityWeek: GitLab Patches Code Execution, Information Disclosure Vulnerabilities
- Daily CyberSecurity (securityonline.info): GitLab Security Updates Fix 13 Flaws