Improper Authorization in GitLab Enterprise Edition and Gitlab Community Edition - CVE-2026-13151
Published: July 8, 2026
GitLab Enterprise Edition
Gitlab Community Edition
Detailed vulnerability description
The vulnerability allows a remote user to modify group-level settings beyond their intended permissions.
The vulnerability exists due to improper authorization controls in group-level settings when handling modification requests. A remote privileged user can send crafted modification requests to modify group-level settings beyond their intended permissions.