GitLab EE Vulnerability Allows Unauthorized Access to AI Model Settings
CVE-2025-13772

7.1HIGH

Key Information:

Vendor: Gitlab
Status: Gitlab
Vendor: CVE Published:; 9 January 2026

What is CVE-2025-13772?

An identified issue in GitLab EE allows an authenticated user to exploit API requests by manipulating namespace identifiers, potentially granting unauthorized access to AI model settings across various namespaces. This flaw impacts multiple versions of GitLab EE, emphasizing the importance of updating to the latest releases to maintain robust security protocols.

Affected Version(s)

GitLab 18.4 < 18.5.5

GitLab 18.6 < 18.6.3

GitLab 18.7 < 18.7.1

References

https://gitlab.com/gitlab-org/gitlab/-/issues/581268

issue-trackingpermissions-required

https://about.gitlab.com/releases/2026/01/07/patch-releas...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 9, 2026
Vulnerability Reserved
Nov 28, 2025

Credit

This vulnerability has been discovered internally by GitLab team member [Jessie Young] (https://gitlab.com/jessieay)

JSON