Unauthorized Access Vulnerability in GitLab Enterprise Edition
CVE-2026-5309
5.4MEDIUM
What is CVE-2026-5309?
A vulnerability in GitLab Enterprise Edition allows authenticated users to read or modify another group's virtual registry cleanup policy settings without the required authorization. This flaw affects multiple versions, enabling unauthorized changes that could compromise the integrity of group policies. Proper remediation involves updating affected installations to mitigate the risk associated with this issue. Refer to GitLab's security advisories for detailed patching information.
Affected Version(s)
GitLab 18.6 < 18.11.6
GitLab 19.0 < 19.0.3
GitLab 19.1 < 19.1.1
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Thanks [go7f0](https://hackerone.com/go7f0) for reporting this vulnerability through our HackerOne bug bounty program