CVE-2018-19571

HIGH LAB

GitLab CE/EE <11.3.11-11.5.1 - SSRF


Exploitation Summary

EIP tracks 5 public exploits for CVE-2018-19571. PoCs published by Algafix, CS4239-U6, xenophil90.

AI-analyzed exploit summary: This repository contains a Python-based exploit for CVE-2018-19571, which targets GitLab 11.4.7 CE. The exploit leverages an SSRF vulnerability combined with Redis command injection to achieve remote code execution (RCE) by creating a malicious project and triggering a reverse shell.

Description

GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, contain an SSRF vulnerability in webhooks.

Exploits (5)

nomisec · WORKING POC · 3 stars
by Algafix · poc
https://github.com/Algafix/gitlab-RCE-11.4.7

Classification: Working PoC 95%
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: GitLab 11.4.7 CE
Auth required
Prerequisites: Valid GitLab credentials · Network access to the target GitLab instance · Redis service accessible via SSRF
devstral-2 · analyzed Feb 16, 2026
nomisec · WORKING POC
by CS4239-U6 · poc
https://github.com/CS4239-U6/gitlab-ssrf

This repository demonstrates CVE-2018-19571, an SSRF vulnerability in GitLab combined with CRLF injection to achieve RCE via Redis and Sidekiq job manipulation.

Classification: Working PoC 100%
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: GitLab CE/EE (8.18 to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1)
Auth required
Prerequisites: Access to a vulnerable GitLab instance · Ability to create a project or import a repository · Network access to internal Redis service
devstral-2 · analyzed Feb 16, 2026
nomisec · WORKING POC
by xenophil90 · poc
https://github.com/xenophil90/edb-49263-fixed

This is a working exploit for GitLab 11.4.7 that chains SSRF (CVE-2018-19571) and CRLF injection (CVE-2018-19585) to achieve authenticated remote code execution via Redis manipulation. It generates a Python reverse shell and executes it in two stages: download and execution.

Classification: Working PoC 95%
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: GitLab 11.4.7 CE
Auth required
Prerequisites: Valid GitLab credentials · Network access to the target · Redis accessible via SSRF · HTTP server to host the reverse shell payload
devstral-2 · analyzed Feb 16, 2026
exploitdb · WORKING POC
python · webapps · ruby
https://www.exploit-db.com/exploits/49257

This exploit leverages a Redis injection vulnerability in GitLab 11.4.7 to achieve remote code execution by manipulating the project import URL to inject malicious Redis commands, which then execute a reverse shell.

Classification: Working PoC 95%
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: GitLab 11.4.7
Auth required
Prerequisites: Valid GitLab credentials · Authenticity token · Session cookies · Network access to the target
devstral-2 · analyzed Feb 19, 2026
exploitdb · WORKING POC
python · webapps · ruby
https://www.exploit-db.com/exploits/49334

This exploit leverages CVE-2018-19571 and CVE-2018-19585 to achieve RCE in GitLab 11.4.7 by abusing Redis deserialization via a crafted project import URL. It sends a malicious payload to execute a reverse shell.

Classification: Working PoC 95%
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: GitLab 11.4.7 (Community Edition)
Auth required
Prerequisites: Valid GitLab credentials · Network access to the target · Redis service accessible on the target
devstral-2 · analyzed Feb 19, 2026

References (4)

Core references (4 tracked, 2 listed)
Release Notes, Vendor Advisory (link reported broken): https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
Issue Tracking, Vendor Advisory: https://gitlab.com/gitlab-org/gitlab-ce/issues/53242

Scores

CVSS v3 7.7
EPSS 0.2798
EPSS Percentile 97.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Details

CWE
CWE-918
Status published
Products (1)
gitlab/gitlab 8.18.0 - 11.3.11 (2 CPE variants)
Published Jul 10, 2019
Tracked Since Feb 18, 2026