GitLab CE/EE Security Patch Release (19.0.1 / 18.11.4 / 18.10.7) — CVE-2026-4868 GitLab Duo AI Workflow Runner Identity Confusion (CVSS 8.2) Plus DoS and Broken-Authorization Flaws — Threadlinqs Intelligence
Threat ID: TL-2026-0634 · Severity: HIGH · CVSS: 8.2 · Status: ACTIVE · Category: VULNERABILITY
On 2026-05-27 GitLab shipped emergency security releases 19.0.1, 18.11.4 and 18.10.7 for self-managed Community and Enterprise Edition, fixing seven vulnerabilities spanning Duo AI, denial-of-service
GitLab's 2026-05-27 patch release (versions 19.0.1, 18.11.4 and 18.10.7) addresses seven security issues in self-managed GitLab Community Edition (CE) and Enterprise Edition (EE). The release is notable for clustering several flaws in GitLab's AI feature set (GitLab Duo / Duo Agent Platform) alongside classic broken-authorization and denial-of-service bugs, underscoring that AI-agent functionality is now a first-class attack surface on the DevOps platform. No public proof-of-concept and no in-the-wild exploitation were reported at disclosure; all issues were fixed before public details were released, and GitLab.com and GitLab Dedicated were patched ahead of the self-managed release.
The highest-severity issue, CVE-2026-4868 (CVSS 8.2, HIGH), is an improper-access-control / identity-resolution defect in the Duo AI workflow runners. When a Duo AI workflow is triggered, the runner resolves the acting user identity incorrectly under certain conditions, allowing an authenticated user to cause a workflow to execute in the security context of a different user. Because Duo workflows can read repository content, interact with project APIs and act on issues/merge requests, an attacker who can influence identity resolution can perform actions and access data as the impersonated victim — a lateral-movement and privilege-abuse primitive within a single GitLab instance. The flaw affects EE from 18.8 up to, but not including, the fixed 18.10.7 / 18.11.4 / 19.0.1 builds.
The remaining six issues are lower severity but materially expand the instance's exposure. CVE-2026-1402 (CVSS ~6.5) is an authenticated denial-of-service in the Wiki: insufficient input validation lets crafted Wiki content drive uncontrolled resource consumption and render the Wiki (and potentially the worker handling it) unavailable; it reaches back to CE/EE 17.1. CVE-2026-6713 (CVSS ~5.3) is an incorrect-authorization flaw in the GraphQL WorkItem API that, under certain conditions, allows enumeration of private projects by an unauthenticated requester. CVE-2026-5296 is an improper-authorization flaw in the Duo Workflows API where a Developer-role user can bypass flow restrictions when foundational flows are enabled at the group level. CVE-2026-2601 is a missing-authorization issue in EE operations that exposes sensitive deployment data to developer-level users. CVE-2026-8716 is an incorrect ref-type name-resolution issue in pipelines that grants access to CI data belonging to a different ref type. CVE-2026-2710 hardens authentication so that blocked Project Access Tokens can no longer access private resources.
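The version facts above (three fixed builds, one per maintained release line, plus the stated version floors for CVE-2026-4868 and CVE-2026-1402) are enough to triage a fleet of self-managed instances. The following is an added example, not Threadlinqs or GitLab code: given a reported version string and edition, it reports whether the instance carries the 2026-05-27 fix, which build to upgrade to, and which of the two CVEs with a published version floor apply. The treatment of release lines the advisory does not mention (older than 18.10, or newer than 19.0) is an assumption, marked in the code; the other five CVEs have no version floor on this page and are therefore not enumerated.

```python
"""Patch-status triage for GitLab's 2026-05-27 security release.

Added example. Fixed builds (19.0.1, 18.11.4, 18.10.7) and the two per-CVE
version floors come from the advisory text; everything else is an assumption.
"""
from __future__ import annotations

from dataclasses import dataclass

# Fixed build per maintained release line, keyed by (major, minor).
FIXED_BUILDS: dict[tuple[int, int], tuple[int, int, int]] = {
    (19, 0): (19, 0, 1),
    (18, 11): (18, 11, 4),
    (18, 10): (18, 10, 7),
}

# Lowest affected version the advisory states, with the editions it names.
# Only the two CVEs that carry a version floor on the page are listed.
AFFECTED_FROM: dict[str, tuple[tuple[int, int, int], set[str]]] = {
    "CVE-2026-4868": ((18, 8, 0), {"EE"}),        # Duo AI workflow identity confusion, EE only
    "CVE-2026-1402": ((17, 1, 0), {"CE", "EE"}),  # authenticated Wiki denial-of-service
}


def parse_version(s: str) -> tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH'; an edition suffix such as '-ee' is tolerated."""
    parts = s.split("-")[0].split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version: {s!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


@dataclass
class PatchStatus:
    version: tuple[int, int, int]
    edition: str
    patched: bool
    upgrade_to: tuple[int, int, int] | None   # None when already patched
    applicable_cves: list[str]                 # only CVEs with a stated floor


def assess(version: str, edition: str = "EE") -> PatchStatus:
    """Classify one instance against the three fixed builds."""
    v = parse_version(version)
    line = (v[0], v[1])
    fixed = FIXED_BUILDS.get(line)
    if fixed is not None:
        patched = v >= fixed
        upgrade_to = None if patched else fixed
    else:
        # Assumption: release lines newer than 19.0 carry the fix; lines older
        # than 18.10 received no fix, so the newest fixed build is the target.
        patched = line > (19, 0)
        upgrade_to = None if patched else max(FIXED_BUILDS.values())

    cves: list[str] = []
    if not patched:
        for cve, (floor, editions) in AFFECTED_FROM.items():
            if edition in editions and v >= floor:
                cves.append(cve)
    return PatchStatus(v, edition, patched, upgrade_to, cves)


if __name__ == "__main__":
    # Constructed inventory, not real hosts.
    for host, ver, ed in [("git-a", "19.0.0", "EE"), ("git-b", "18.10.7", "EE"),
                          ("git-c", "18.9.3", "EE"), ("git-d", "18.10.2", "CE")]:
        st = assess(ver, ed)
        target = ".".join(map(str, st.upgrade_to)) if st.upgrade_to else "-"
        print(f"{host:6} {ver:8} {ed}  patched={st.patched}  upgrade_to={target}  {st.applicable_cves}")
```

An instance on an unmaintained 18.x line (for example 18.9.x) is reported as unpatched with 19.0.1 as the target, since no fix was issued for that line; the result lists only the CVEs whose affected range the advisory gives, so an empty list does not mean the instance is clean.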
Exploit-chain perspective: most of these flaws require only a low-privileged authenticated account (Developer role or a valid user/PAT), with CVE-2026-6713 reachable pre-auth for limited private-project enumeration. A realistic chain begins with reconnaissance via the GraphQL WorkItem API (CVE-2026-6713) to enumerate otherwise-hidden private projects, followed by authenticated abuse: leveraging Duo AI identity confusion (CVE-2026-4868) to act as a higher-value user, reading deployment secrets exposed to developers (CVE-2026-2601), pivoting across ref types to reach foreign CI data (CVE-2026-8716), and abusing Duo Workflows API authorization gaps (CVE-2026-5296). The Wiki DoS (CVE-2026-1402) provides a disruptive/impact option. None of these require malware, custom tooling, or external C2 infrastructure — they are application-logic and authorization defects exploitable through GitLab's own web UI and APIs.
There is no vendor workaround other than upgrading. Defenders running self-managed GitLab should treat this as a priority patch given the wide deployment of GitLab in software-development, financial, government and technology environments and the value of source code, CI/CD pipelines and deployment credentials held within. Detection focuses on authorization-decision and identity-mismatch telemetry: Duo workflow runs whose acting identity differs from the triggering user, developer-role access
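The two telemetry signals named above, a Duo workflow whose acting identity differs from the user that triggered it (CVE-2026-4868) and a blocked Project Access Token still reaching private resources (CVE-2026-2710), are straightforward to check once the events are in hand. The following is an added example that is not Threadlinqs detection content and not a GitLab log schema: the field names (`triggered_by`, `acting_as`, `token_state`, and so on) and the sample events are constructed for illustration, and the functions would need to be mapped onto whatever audit-event fields a real deployment emits.

```python
"""Two detections over constructed GitLab-style audit events (added example).

The JSON field names are assumptions for illustration, not GitLab's documented
audit-event format; map them to your own log source before use.
"""
import json
from collections import defaultdict

# Constructed sample events, one JSON object per line (not real GitLab output).
SAMPLE_EVENTS = """\
{"ts":"2026-05-28T09:01:02Z","event":"duo_workflow_run","workflow_id":101,"triggered_by":"alice","acting_as":"alice","project":"grp/app"}
{"ts":"2026-05-28T09:03:15Z","event":"duo_workflow_run","workflow_id":102,"triggered_by":"mallory","acting_as":"ops-admin","project":"grp/app"}
{"ts":"2026-05-28T09:04:40Z","event":"api_request","token_id":"pat-17","token_state":"blocked","status":200,"path":"/api/v4/projects/42/variables"}
{"ts":"2026-05-28T09:05:01Z","event":"api_request","token_id":"pat-18","token_state":"active","status":200,"path":"/api/v4/projects/42"}
{"ts":"2026-05-28T09:05:30Z","event":"api_request","token_id":"pat-17","token_state":"blocked","status":401,"path":"/api/v4/projects/42"}
{"ts":"2026-05-28T09:06:00Z","event":"duo_workflow_run","workflow_id":103,"triggered_by":"mallory","acting_as":"ops-admin","project":"grp/infra"}
"""


def parse_events(text):
    """Parse newline-delimited JSON; malformed lines are kept as 'unparseable' markers."""
    events = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            # A line that fails to parse is worth surfacing rather than silently dropping.
            events.append({"event": "unparseable", "line_no": n})
    return events


def detect_identity_mismatch(events):
    """Duo workflow runs where the acting identity differs from the triggering user."""
    return [
        e for e in events
        if e.get("event") == "duo_workflow_run"
        and e.get("triggered_by") != e.get("acting_as")
    ]


def detect_blocked_token_success(events):
    """Successful (2xx) API requests made with a token recorded as blocked."""
    return [
        e for e in events
        if e.get("event") == "api_request"
        and e.get("token_state") == "blocked"
        and 200 <= int(e.get("status", 0)) < 300
    ]


def summarize(events):
    """Collapse findings into what an analyst would triage first."""
    mismatches = detect_identity_mismatch(events)
    impersonation = defaultdict(set)   # triggering user -> identities acted as
    for e in mismatches:
        impersonation[e["triggered_by"]].add(e["acting_as"])
    return {
        "identity_mismatch_runs": [e["workflow_id"] for e in mismatches],
        "impersonation_map": {k: sorted(v) for k, v in impersonation.items()},
        "blocked_token_success": [
            (e["token_id"], e["path"]) for e in detect_blocked_token_success(events)
        ],
        "unparseable_lines": [e["line_no"] for e in events if e.get("event") == "unparseable"],
    }


if __name__ == "__main__":
    print(json.dumps(summarize(parse_events(SAMPLE_EVENTS)), indent=2))
```

The identity check compares two fields on the same event rather than correlating across events, so it stays cheap enough to run on every workflow event; the token check keys on the token's recorded state at request time, which is the signal that CVE-2026-2710's fix is meant to make impossible, so any hit after upgrading deserves a look at the log source itself.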
Weaknesses (CWE)
CWE-863, CWE-639, CWE-862, CWE-285, CWE-400, CWE-20, CWE-706, CWE-287
Target sectors: technology, software-development, financial, government, telecommunications, defense
Target regions: Global, North America, Europe, Asia
Detections & IOCs
This threat has 9 detection rule(s) across Splunk SPL, Microsoft KQL and Sigma, and 12 indicator(s) of compromise. Detection query text and full IOC values are available to authenticated users and programmatically via the Threadlinqs MCP server (Purple tier).
VULNERABILITY, HIGH, threat intelligence, cybersecurity, CVE-2026-4868, CVE-2026-1402, CVE-2026-6713, CVE-2026-5296, CVE-2026-2601, CVE-2026-8716, CVE-2026-2710, T1190, T1078, T1648, T1068, T1134, T1550, T1528, T1087, T1526, T1210