Primary

Context

GitLab EE Incorrect Authorization Vulnerability in Vulnerability Flags AI Detection API

Vulnerability

Patched

A vulnerability exists in GitLab Enterprise Edition (EE) versions 18.6 prior to 18.8.9, 18.9 prior to 18.9.5, and 18.10 prior to 18.10.3. This vulnerability could have allowed an authenticated user with auditor privileges to modify vulnerability flag data in private projects, due to incorrect authorization.

Impact

Exploitation of this vulnerability could lead to unauthorized modifications of vulnerability flag data in private projects.

Remediation

Users are advised to upgrade to GitLab EE versions 18.10.3, 18.9.5, or 18.8.9.

Added: Apr 9, 2026, 12:25 AM

Updated: Apr 9, 2026, 12:25 AM

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

0.6

exploitability

6.2

remediation

7.7

relevance

5.5

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

0.6

exploitability

6.2

remediation

7.7

relevance

5.5

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GitLab EE Incorrect Authorization Vulnerability in Vulnerability Flags AI Detection API

Vulnerability

Impact

Remediation

Affected Products

GitLab

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating