GitLab EE: Unauthorized Changes to Private Project Vulnerability Flags
CVE-2026-2619
Summary
An incorrect authorization check in GitLab EE allowed, under certain circumstances, an authenticated user with auditor privileges to modify vulnerability flag data in private projects. This could have led to incorrect vulnerability data being displayed. Update to a fixed version of GitLab EE (18.8.9, 18.9.5, 18.10.3 or later) to resolve the issue.
Original title
GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an authe...
Original description
GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an authenticated user with auditor privileges to modify vulnerability flag data in private projects due to incorrect authorization.
NVD CVSS 3.1
4.3
Vulnerability type
CWE-863
Incorrect Authorization
Published: 8 Apr 2026 · Updated: 10 Apr 2026 · First seen: 8 Apr 2026