CVE-2026-13151 PUBLISHED

Incorrect Authorization in GitLab

Assigner: GitLab
Reserved: 24.06.2026 Published: 08.07.2026 Updated: 09.07.2026

GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to modify group-level settings beyond their intended permissions due to improper authorization controls.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
CVSS Score: 2.7

Product Status

Vendor GitLab
Product GitLab
Versions Default: unaffected
  • affected from 16.10 to 18.11.7 (excl.)
  • affected from 19.0 to 19.0.4 (excl.)
  • affected from 19.1 to 19.1.2 (excl.)

Solutions

Upgrade to versions 18.11.7, 19.0.4, 19.1.2 or above.

Credits

  • This vulnerability has been discovered internally by GitLab team member zli finder

References

Problem Types

  • CWE-863: Incorrect Authorization CWE