GitLab EE <19.1.1 Improper Output Filtering in Duo Workflows Allows Sensitive Data Leak
CVE-2026-12053 Published on June 25, 2026
Insertion of Sensitive Information into Log File in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 19.1 before 19.1.1 that under certain conditions could have allowed a user to access sensitive information that had already been committed to a project, due to insufficient output filtering in Duo Workflows.
Vulnerability Analysis
CVE-2026-12053 can be exploited over the network and requires no authorization privileges or user interaction. Attack complexity is considered low. A successful exploit is considered to have a high impact on confidentiality, with no impact on integrity or availability.
Weakness Type
Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
Products Associated with CVE-2026-12053
Affected Versions
GitLab: versions from 19.1 up to, but not including, 19.1.1 are affected.