GitLab Patch Release Fixes Seven Vulnerabilities Including High-Severity Duo AI Identity Bypass
GitLab released versions 19.0.1, 18.11.4, and 18.10.7 on May 27, 2026, patching seven vulnerabilities, the most severe of which allows an authenticated attacker to run Duo AI workflows under another user's identity.

GitLab released versions 19.0.1, 18.11.4, and 18.10.7 on May 27, 2026, addressing seven security vulnerabilities across Community Edition (CE) and Enterprise Edition (EE). The most critical fix targets CVE-2026-4868, a high-severity improper access control issue in Duo AI workflow runners that could allow an authenticated user to execute AI workflows under another user's identity. The vulnerability carries a CVSS score of 8.2 and affects GitLab EE versions from 18.8 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1. It was reported through GitLab's HackerOne bug bounty program by researcher 'ahacker1'.
Two medium-severity vulnerabilities were also patched. CVE-2026-1402 (CVSS 6.5) enables a denial of service condition via the Wiki component due to insufficient validation, affecting both CE and EE from version 17.1 onward. CVE-2026-6713 (CVSS 5.3) allows unauthorized enumeration of private projects through the GraphQL WorkItem API due to incorrect authorization checks, impacting versions from 18.2. Both were reported through the HackerOne program by researchers 'a92847865' and 'pollito', respectively.
Four additional medium-severity flaws were remediated. CVE-2026-5296 (CVSS 4.3) involves improper authorization in the Duo Workflows API, allowing developer-role users to bypass flow restrictions when foundational flows are enabled at the group level. CVE-2026-2601 (CVSS 4.3) addresses a missing authorization check in Operations that could expose sensitive deployment data to authenticated developers. CVE-2026-8716 (CVSS 4.3) fixes an incorrect name resolution issue in Pipelines that could leak CI data across ref types. CVE-2026-2710 (CVSS 4.3) corrects an authorization flaw in authentication endpoints that allowed blocked Project Access Tokens to continue accessing private resources.
GitLab strongly recommends that all self-managed installations upgrade immediately to one of the patched versions. GitLab.com is already running the fixed release, and GitLab Dedicated customers require no action. The vulnerabilities were discovered through both external bug bounty reports and internal research, with CVE-2026-8716 identified by GitLab team member Hordur Freyr Yngvason.
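For administrators checking a fleet of self-managed instances against the affected ranges quoted above, the following helper turns the article's version statement for CVE-2026-4868 (EE 18.8 before 18.10.7, 18.11 before 18.11.4, 19.0 before 19.0.1) into a reproducible check. This is an added example, not GitLab's own tooling or script; it assumes GitLab version strings of the form `MAJOR.MINOR.PATCH` with an optional `-ee`/`-ce` suffix, and the sample inventory at the bottom is constructed for illustration. Branches newer than those named in the advisory are reported as `unknown` rather than guessed at.

```python
"""Version-range check for the CVE-2026-4868 affected ranges stated in the
GitLab patch-release summary. Added example; not GitLab's own tooling."""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# First fixed release on each branch that received a patch, per the article.
# Branches 18.8 and 18.9 received no release of their own in this announcement;
# instances on them are affected and must move to 18.10.7 or later.
FIXED_RELEASES: Dict[Tuple[int, int], Version] = {
    (18, 10): (18, 10, 7),
    (18, 11): (18, 11, 4),
    (19, 0): (19, 0, 1),
}
FIRST_AFFECTED: Version = (18, 8, 0)  # "versions from 18.8 before 18.10.7"


def parse_version(text: str) -> Version:
    """Parse '18.10.3-ee' into (18, 10, 3); reject anything else."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:-(?:ee|ce))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def assess(version_text: str) -> Tuple[str, Optional[Version]]:
    """Classify one instance against the stated ranges for CVE-2026-4868.

    Returns (status, recommended_version) where status is:
      'affected'   - inside a stated vulnerable range; upgrade to recommended_version
      'fixed'      - at or above the first fixed release on its branch
      'unaffected' - below 18.8, i.e. before the stated lower bound
      'unknown'    - a branch newer than those the advisory names; not assessed here
    """
    v = parse_version(version_text)
    if v < FIRST_AFFECTED:
        return "unaffected", None
    branch = (v[0], v[1])
    if branch in FIXED_RELEASES:
        fixed = FIXED_RELEASES[branch]
        return ("fixed" if v >= fixed else "affected"), fixed
    if branch < (18, 10):
        # 18.8.x and 18.9.x: affected, nearest patched branch is 18.10.
        return "affected", FIXED_RELEASES[(18, 10)]
    return "unknown", None


def triage(inventory: Dict[str, str]) -> List[Tuple[str, str, Optional[str]]]:
    """Run assess() over {hostname: version} and return rows for a report."""
    rows = []
    for host, version in sorted(inventory.items()):
        status, fixed = assess(version)
        target = ".".join(map(str, fixed)) if fixed else None
        rows.append((host, status, target))
    return rows


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hostnames and versions).
    sample_inventory = {
        "git-prod-a.example.internal": "18.10.3-ee",
        "git-prod-b.example.internal": "18.11.4-ee",
        "git-legacy.example.internal": "18.9.2-ee",
        "git-old.example.internal": "18.7.9-ee",
        "git-new.example.internal": "19.1.0-ee",
    }
    for host, status, target in triage(sample_inventory):
        action = f"upgrade to {target}+" if status == "affected" else status
        print(f"{host:32} {action}")
```

The check is deliberately limited to the one CVE whose ranges the article spells out; the other six fixes share the same three patched releases, so an instance reported as `fixed` here is on a patched release, but an instance on an older branch (for example 17.x, which CVE-2026-1402 also affects) will show as `unaffected` for this CVE alone and still needs to be moved to a patched release.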
This patch release underscores the growing attack surface introduced by AI-powered features like Duo workflows, where identity resolution flaws can have serious consequences. GitLab's rapid response and coordinated disclosure through its bug bounty program demonstrate the importance of community-driven security research in protecting DevOps platforms that host sensitive code and CI/CD pipelines.