EIP-2026-114698

PRE-CVE

Gitlab 12.9.0 - Arbitrary File Read (Authenticated)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114698. PoCs published by Jasper Rasenberg.

AI-analyzed exploit summary This exploit leverages an arbitrary file read vulnerability in GitLab 12.9.0 by creating issues with crafted descriptions that reference sensitive files via path traversal. It requires authentication via a personal access token.

Description

Gitlab 12.9.0 - Arbitrary File Read (Authenticated)

Exploits (1)

exploitdb WORKING POC

by Jasper Rasenberg · pythonwebappsruby

https://www.exploit-db.com/exploits/49076

View Code ZIP pw:eip

This exploit leverages an arbitrary file read vulnerability in GitLab 12.9.0 by creating issues with crafted descriptions that reference sensitive files via path traversal. It requires authentication via a personal access token.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: GitLab 12.9.0

Auth required

Prerequisites: Valid GitLab account with permissions to create projects and issues · Personal access token with appropriate scopes

MITRE ATT&CK

T1005 - Data from Local System T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026