Incorrect Authorization in GitLab
CVE-2026-6269

5.4MEDIUM

Key Information:

Vendor: Gitlab
Status: Gitlab
Vendor: CVE Published:; 11 June 2026

What is CVE-2026-6269?

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to modify hidden merge requests due to incorrect authorization enforcements.

Affected Version(s)

GitLab 15.10 < 18.10.8

GitLab 18.11 < 18.11.5

GitLab 19.0 < 19.0.2

References

https://gitlab.com/gitlab-org/gitlab/-/work_items/596625

https://hackerone.com/reports/3661880

technical-descriptionexploitpermissions-required

https://about.gitlab.com/releases/2026/06/10/patch-releas...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 11, 2026
Vulnerability Reserved
Apr 14, 2026

Credit

Thanks [rogerace](https://hackerone.com/rogerace) for reporting this vulnerability through our HackerOne bug bounty program

CVE-2026-6269 Data

JSON