CVE-2026-13151

LOW

Incorrect Authorization in GitLab

Title source: cna
STIX 2.1

Description

GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to modify group-level settings beyond their intended permissions due to improper authorization controls.

Scores

CVSS v3 2.7
EPSS 0.0016
EPSS Percentile 5.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-863
Status published
Products (4)
GitLab/GitLab 16.10 - 18.11.7
gitlab/gitlab 16.10.0 - 18.11.7
GitLab/GitLab 19.0 - 19.0.4
GitLab/GitLab 19.1 - 19.1.2
Published Jul 08, 2026
Tracked Since Jul 09, 2026