Primary

Context

GitLab AI GraphQL Mutation Missing Authorization Vulnerability

Vulnerability

Patched

A vulnerability exists in GitLab Enterprise Edition (EE) versions 18.5 prior to 18.5.5, 18.6 prior to 18.6.3, and 18.7 prior to 18.7.1. This vulnerability allows authenticated users to modify instance-wide AI feature provider settings by exploiting inadequate authorization checks in GraphQL mutations.

Impact

Exploitation of this vulnerability could lead to unauthorized modifications of AI feature provider settings, potentially affecting the behavior of AI functionalities across the GitLab instance.

Remediation

Users are advised to upgrade to GitLab EE versions 18.7.1, 18.6.3, or 18.5.5. Instructions for updating GitLab can be found on the GitLab Update page. After upgrading, ensure to run any necessary database migrations.

Added: Jan 9, 2026, 10:30 AM

Updated: Jan 9, 2026, 10:30 AM

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

2.5

exploitability

5.2

remediation

7.7

relevance

2.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

2.5

exploitability

5.2

remediation

7.7

relevance

2.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GitLab AI GraphQL Mutation Missing Authorization Vulnerability

Vulnerability

Impact

Remediation

Affected Products

GitLab

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating