Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.3
GitLab EE: Authenticated users can change protected environment settings
CVE-2026-1752
Summary
An attacker with a developer account and special permissions could modify sensitive settings for projects and environments. This could lead to unintended changes to your project's security and workflow. Update to the latest version of GitLab EE to fix this issue.
Original title
GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer...
Original description
GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer-role permissions to modify protected environment settings due to improper authorization checks in the API.
nvd CVSS3.1
4.3
Vulnerability type
CWE-863
Incorrect Authorization
Published: 8 Apr 2026 · Updated: 10 Apr 2026 · First seen: 8 Apr 2026