vulnerability

Gitlab Gitlab: CVE-2026-5296: Missing Authorization

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:P/A:N)

Published

May 27, 2026

Added

May 28, 2026

Modified

May 28, 2026

Description

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that when foundational flows were enabled at the group level, could have allowed an authenticated user with developer-role permissions to bypass flow restrictions under certain conditions.

Solution

gitlab-gitlab-upgrade-latest

References

CWE-862
CVE-2026-5296
https://attackerkb.com/topics/CVE-2026-5296
https://about.gitlab.com/releases/2026/05/27/patch-release-gitlab-19-0-1-released/
https://gitlab.com/gitlab-org/gitlab/-/work_items/595423
https://hackerone.com/reports/3626303
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-32619

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report