Alert GCSA-26058 - Security update for GitLab
******************************************************************
Alert ID: GCSA-26058
Date: 10 April 2026
Title: Security update for GitLab
******************************************************************

:: Problem description

Multiple vulnerabilities have been identified in GitLab that could allow a remote attacker to manipulate data, disclose confidential information, bypass security restrictions, and trigger Denial of Service and cross-site scripting conditions on an affected system.

More information is available in the "References" section.

:: Affected software

GitLab Community Edition (CE)
GitLab Enterprise Edition (EE)
  versions 18.8.x prior to 18.8.9
  versions 18.9.x prior to 18.9.5
  versions 18.10.x prior to 18.10.3

:: Impact

Denial of Service
Security Restriction Bypass
Cross-Site Scripting
Data Manipulation
Information Disclosure

:: Solutions

Update to the latest versions
https://about.gitlab.com/update
https://docs.gitlab.com/update/

:: References

GitLab Security Release
https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/

GitLab - security best practices
https://about.gitlab.com/blog/security-hygiene-best-practices-for-gitlab-users/
https://about.gitlab.com/blog/gitlab-instance-security-best-practices/
https://about.gitlab.com/security/hardening/

Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9484
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12664
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1092
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1101
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1403
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1516
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1752
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2104
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2619
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4332
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4916
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5173

GARR CERT Security Alert - subscribe/unsubscribe:
https://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
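
The affected version ranges listed in this advisory can be checked against an inventory of GitLab instances. The following is an added example, not code from GARR CERT or GitLab; the function names, hostnames, sample version strings and accepted suffix formats are assumptions made for illustration.

```python
import re

# First fixed patch release for each branch named in the advisory
# (18.8.x before 18.8.9, 18.9.x before 18.9.5, 18.10.x before 18.10.3).
FIXED_PATCH = {(18, 8): 9, (18, 9): 5, (18, 10): 3}

# Accepts "18.10.2", "v18.9.5" and suffixed forms such as "18.8.8-ee"
# or "18.9.4-ee.0" (suffix formats are an assumption of this example).
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-+~.].*)?$")


def classify(version):
    """Return 'affected', 'fixed' or 'not-listed' for one version string."""
    match = VERSION_RE.match(version.strip())
    if match is None:
        raise ValueError(f"unrecognised GitLab version: {version!r}")
    major, minor, patch = (int(part) for part in match.groups())
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        # The advisory makes no statement about other branches, so do not
        # report them as safe; flag them for manual review instead.
        return "not-listed"
    # Compare as integers: as strings, "10" would sort before "3".
    return "affected" if patch < fixed else "fixed"


def triage(inventory):
    """Map each host to its status; unparseable versions become 'unknown'."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = classify(version)
        except ValueError:
            report[host] = "unknown"
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "gitlab-a.example.org": "18.8.8-ee",
    "gitlab-b.example.org": "18.9.5",
    "gitlab-c.example.org": "18.10.10-ee.0",
    "gitlab-d.example.org": "18.7.6",
    "gitlab-e.example.org": "unknown build",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "not-listed" or "unknown" are outside what the advisory states and need a manual check against the GitLab release notes linked above.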