CVE-2026-6352 in GitLabinfo

Summary

by MITRE • 07/09/2026

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with auditor-level access to modify compliance violation records due to improper authorization on certain GraphQL operations.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 07/09/2026

This vulnerability represents a critical authorization flaw in GitLab Enterprise Edition that could enable auditors to escalate their privileges and manipulate compliance violation records. The issue stems from inadequate access controls within the GraphQL API endpoints responsible for managing compliance-related data, specifically affecting versions prior to the mentioned patches. The flaw allows authenticated users with auditor-level permissions to perform unauthorized modifications to compliance violation records through improperly validated GraphQL operations.

The technical root cause of this vulnerability aligns with CWE-285, which addresses improper authorization in software systems. In GitLab's case, the GraphQL query execution engine failed to properly validate whether the requesting user possessed sufficient privileges to modify compliance violation records. This weakness exists within the API layer where GraphQL operations are processed without adequate authorization checks that should verify the user's actual role and permissions against the requested resource modifications.

From an operational perspective, this vulnerability presents significant risks to organizations relying on GitLab for compliance management and audit trails. Auditors typically require read-only access to ensure system integrity while maintaining oversight of compliance violations. However, the improper authorization mechanism allows these users to not only view but also modify violation records, potentially enabling malicious actors with auditor accounts to cover up security incidents or manipulate compliance data to meet regulatory requirements. This undermines the entire purpose of audit trails and compliance monitoring systems.

The ATT&CK framework categorizes this vulnerability under privilege escalation techniques where adversaries leverage existing user accounts with limited permissions to gain elevated access. Specifically, it relates to T1078.004 - Valid Accounts and T1566.002 - Phishing, as attackers could potentially escalate from auditor-level access to modify critical compliance data. Organizations using GitLab for security compliance monitoring face potential regulatory violations and audit failures if this vulnerability remains unpatched.

The recommended mitigation strategy involves applying the latest security patches released by GitLab for versions 18.11.7, 19.0.4, and 19.1.2 respectively, which address the improper authorization checks in GraphQL operations. System administrators should also implement additional monitoring of GraphQL API access patterns to detect anomalous behavior related to compliance violation record modifications. Organizations should review their user permission assignments to ensure that auditor roles have appropriate least-privilege access controls and consider implementing additional logging mechanisms for critical compliance data modifications. Regular security assessments of API endpoints and authorization controls should be conducted to prevent similar issues from emerging in other system components.

Responsible

GitLab

Reservation

04/15/2026

Disclosure

07/09/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!