CVE•Published 2026-04-08•Modified 2026-04-13•1 article on news•5 live references•NVD data

CVE-2026-5173

Vulnerability data via NVD (ingested)

CVSS v3.1

8.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

EPSS percentile

—

Weaknesses (CWE)

CWE-749Exposed Dangerous Method or Function

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to invoke unintended server-side methods through websocket connections due to improper access control.

Timeline

Published 2026-04-08

Modified 2026-04-13

External references

NVD MITRE Exploit-DB Sploitus VulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts

vuln:CVE-2026-5173

Hosts Shodan has explicitly fingerprinted as vulnerable.

More intel sources (5)

vuln:CVE-2026-5173

Country / ASN / product breakdown for the vuln query.

vulnerabilities.cve_id: CVE-2026-5173

Censys host search filtered to this CVE id.

CVE-2026-5173

Public source-code mentions — fast PoC discovery.

CVE-2026-5173

GitHub code search for direct mentions.

"CVE-2026-5173" exploit -site:nvd.nist.gov

Write-ups and news, NVD excluded.

Known PoCs on GitHub (8)

CVE-2026-51738 repos

TheDuffman85/crowdsec-web-uiTypeScript

A modern, responsive web interface for managing CrowdSec alerts and decisions.

★ 321·updated 3d ago

arkeep-io/arkeepGo

Manage backups across all your servers from a single dashboard.

★ 125·updated 5d ago

DarkFunct/TK-CVE-RepoPython

★ 49·updated 4d ago

xiaofang142/PrerenderShieldGo

PrerenderShield 是一款集防火墙安全防护与预渲染功能于一体的企业级 Web 应用中间件，专为解决前后端分离架构下网站发布的痛点而设计。现有防火墙产品（如雷池）无法支持预渲染，而预渲染产品（如 Rendertron）缺乏防火墙能力，PrerenderShield 填补了这一市场空白，为用户提供一站式的安全防护与 SEO 优化解决方案。

★ 45·updated 2mo ago

hackviserlabs/pengTypeScript

Open-source penetration test report writing tool. Write, manage, and export professional pentest reports — fast.

★ 26·updated 3mo ago

FranRom/pupilaTypeScript

Local-first daily job aggregator. AI review per job via your own LLM CLI, swipe-to-apply triage, and an MCP server for AI clients.

★ 23·updated 1w ago

RamiBotAI/ramibotPython

RamiBot v3.8.0 is a local-first AI security operations platform integrating multi-LLM support, a dynamic red/blue team skill pipeline, MCP tool orchestration, Docker terminal acces…

★ 21·updated 2mo ago

26Naitik/repomedicJavaScript

★ 20·updated 1w ago