Improper Authorization in GitLab EE Affects User Permissions
CVE-2026-13151

2.7LOW

Key Information:

Vendor

Gitlab

Status
Vendor
CVE Published:
8 July 2026

What is CVE-2026-13151?

GitLab has addressed a significant authorization issue in GitLab EE that allows authenticated users to alter group-level settings beyond their designated permissions. This vulnerability affects multiple versions, opening the door for unauthorized alterations that could compromise group configurations. Implementing the latest updates is crucial to mitigate potential risks associated with this flaw.

Affected Version(s)

GitLab 16.10 < 18.11.7

GitLab 19.0 < 19.0.4

GitLab 19.1 < 19.1.2

References

CVSS V3.1

Score:
2.7
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

This vulnerability has been discovered internally by GitLab team member zli
.