Vypr Intelligence · AI-generated · May 28, 2026 · 7 CVEs

GitLab Patches 7 CVEs: Duo AI Identity Flaw, Auth Bypass, and Project Enumeration

GitLab released emergency patch versions 19.0.1, 18.11.4, and 18.10.7 on May 27, 2026, fixing seven medium-to-high severity vulnerabilities including a Duo AI identity resolution bug (CVSS 8.2) and a blocked token authorization bypass.

Key findings

  • CVE-2026-4868 (CVSS 8.2) allows Duo AI workflows to run under another user's identity due to improper identity resolution
  • CVE-2026-9807 lets blocked Project Access Tokens continue accessing private resources
  • CVE-2026-6713 enables unauthorized enumeration of private projects
  • CVE-2026-8716 exposes CI data across ref types, affecting versions back to GitLab 12.7
  • All seven CVEs fixed in versions 19.0.1, 18.11.4, and 18.10.7 released May 27, 2026
  • GitLab.com already patched; self-managed instances urged to upgrade immediately

GitLab shipped urgent patch releases on May 27, 2026 — versions 19.0.1, 18.11.4, and 18.10.7 — addressing seven security vulnerabilities spanning authorization bypasses, data leakage, denial of service, and a high-severity identity confusion flaw in GitLab Duo AI workflows. The batch affects both Community Edition (CE) and Enterprise Edition (EE), with GitLab.com already running the patched code and Dedicated customers unaffected. Self-managed instances are urged to upgrade immediately.

High-severity Duo AI identity confusion (CVE-2026-4868, CVSS 8.2)

The most severe finding, CVE-2026-4868, is an EE-only vulnerability affecting versions from 18.8 up to the patched releases. Under specific conditions, an authenticated attacker could cause GitLab Duo AI workflows to execute under another user's identity due to improper user identity resolution. This is a privilege confusion bug in GitLab's AI feature layer — an attacker with a valid session could effectively impersonate another user within Duo AI operations, potentially gaining access to AI-generated outputs, suggestions, or context intended for the victim. GitLab rates this High severity (CVSS 8.2), making it the standout CVE in this batch.

Authorization bypasses and access control failures

Four medium-severity CVEs in the batch share a common root cause: incorrect authorization enforcement. CVE-2026-9807 (CVSS 4.3) affects CE and EE from version 18.9 onward and describes a scenario where a blocked Project Access Token could continue accessing private resources — a stale-token bypass that undermines token revocation. CVE-2026-6713 (CVSS 5.3) allows an unauthorized user to enumerate private projects due to flawed authorization checks, a classic information disclosure vector that could aid reconnaissance. CVE-2026-2601 (CVSS 4.3, EE-only) permits an authenticated developer-role user to access sensitive deployment data on projects they should not be able to see. CVE-2026-5296 (CVSS 4.3, EE-only) involves foundational flow restrictions at the group level that a developer-role user could bypass.

CI data cross-ref access and denial of service

CVE-2026-8716 (CVSS 4.3, CE/EE) affects versions from 12.7 — a remarkably broad reach spanning over a decade of releases. An authenticated user could access CI data from a different ref type than intended, potentially leaking pipeline variables, job logs, or artifacts across branches or tags. CVE-2026-1402 (CVSS 6.5, CE/EE) is a denial-of-service vulnerability affecting versions from 17.1, where insufficient input validation allows an authenticated user to trigger a DoS condition. With a CVSS score of 6.5, this is the second-highest rated issue after the Duo AI flaw.

Patch status and version guidance

All seven vulnerabilities are fixed in GitLab 19.0.1, 18.11.4, and 18.10.7. The patch release was published on May 27, 2026, as an ad-hoc critical patch outside GitLab's regular bi-monthly schedule (second and fourth Wednesdays), reflecting the severity of the Duo AI identity issue. GitLab's advisory strongly recommends that all self-managed installations upgrade to one of these versions immediately. GitLab.com was updated proactively and requires no user action; GitLab Dedicated customers are also unaffected.
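The branch-aware version check below is an added example, not GitLab's own tooling: it encodes the three fixed releases named in this advisory and reports whether a given instance version string is at or above its branch's fix, treating any branch newer than 19.0 as already containing the fixes (an assumption). The sample versions are constructed; the `/api/v4/version` endpoint referenced in the comment is GitLab's standard version API.

```python
"""Check a GitLab version string against the May 27, 2026 patch releases."""
import re
import sys

# Fixed releases named in the advisory, keyed by release branch (major, minor).
FIXED_RELEASES = {
    (19, 0): (19, 0, 1),
    (18, 11): (18, 11, 4),
    (18, 10): (18, 10, 7),
}


def fmt(version):
    """Render a (major, minor, patch) tuple as 'major.minor.patch'."""
    return ".".join(str(part) for part in version)


def parse_version(text):
    """Parse '18.11.3', '18.11.3-ee' or '19.0.1-pre' into (major, minor, patch)."""
    match = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", text)
    if not match:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(part) for part in match.groups())


def patch_status(text):
    """Return (patched, advice) for a GitLab version string.

    Branches with a patch release (18.10, 18.11, 19.0) are compared against their
    fixed patch number. Older branches have no fix on their own line and must move
    to a patched branch. Branches newer than 19.0 are assumed to carry the fixes.
    """
    version = parse_version(text)
    branch = version[:2]
    if branch in FIXED_RELEASES:
        fixed = FIXED_RELEASES[branch]
        if version >= fixed:
            return True, f"{text} is at or above {fmt(fixed)}"
        return False, f"upgrade {text} to {fmt(fixed)}"
    if branch > (19, 0):
        return True, f"{text} is newer than 19.0.1; fixes assumed present"
    return False, f"{text} has no patch on its branch; upgrade to 19.0.1 (or 18.11.4 / 18.10.7)"


if __name__ == "__main__":
    # Constructed sample versions; pass a real one as argv[1], e.g. the "version"
    # field returned by GET /api/v4/version on your self-managed instance.
    samples = sys.argv[1:] or ["18.11.3-ee", "18.10.7", "19.0.0-pre", "18.9.5", "19.1.0"]
    for sample in samples:
        patched, advice = patch_status(sample)
        print("PATCHED   " if patched else "VULNERABLE", advice)
```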

Why this batch matters

This disclosure is notable for two reasons. First, the inclusion of a Duo AI identity confusion bug (CVE-2026-4868) signals that GitLab's expanding AI feature surface is introducing new privilege-boundary attack classes that traditional authorization models may not fully cover. Second, the breadth of the affected version ranges — CVE-2026-8716 reaches back to GitLab 12.7, released in 2019 — means that organizations running older but still-supported instances are exposed to multiple bypass vectors simultaneously. Administrators should prioritize the 19.0.1 upgrade, which collapses all fixes into a single jump, and review any Duo AI workflow configurations for anomalous activity.

AI-written article. Grounded in 7 CVE records listed below.