CVE-2026-6269 MEDIUM

CVE-2026-6269: Incorrect Authorization in GitLab

Vendor Gitlab

Product GitLab

Weakness CWE-863 · Incorrect authorization

Published June 11, 2026

Last update June 11, 2026

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to modify hidden merge requests due to incorrect authorization enforcements.

Key dates

02Disclosure timeline

June 11, 2026 CVE published

June 11, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-6269

Related vulnerabilities

Identifiers

CVE CVE-2026-6269

CWE CWE-863

CVSS 5.4 / MEDIUM

Affected versions

Vendor Gitlab

Product GitLab

Affected ≥ 15.10 and < 18.10.8

Vendor Gitlab

Product GitLab

Affected ≥ 18.11 and < 18.11.5

Vendor Gitlab

Product GitLab

Affected ≥ 19.0 and < 19.0.2

CVE-2026-6269: Incorrect Authorization in GitLab

01Description

02Disclosure timeline

03References

04Related CVE