CVE-2026-4916 — Missing Authorization in Gitlab

CWE-862 — Missing Authorization15 documents5 sources

Severity

2.7LOWNVD

EPSS

0.0%

top 96.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab

Timeline

PublishedApr 8

Latest updateApr 9

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom role permissions to demote or remove higher-privileged group members due to improper authorization checks on member management operations.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages1 packages

▶CVEListV5gitlab/gitlab18.2 — 18.8.9+2

🔴Vulnerability Details

GHSA

GHSA-h92q-g5vv-9g2c: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18↗2026-04-09

▶

CVEList

Missing Authorization in GitLab↗2026-04-08

▶

📋Vendor Advisories

Debian

CVE-2026-4916: gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 ...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2025-12664 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-1516 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-2619 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2025-9484 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-1752 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶