GitLab Issues Emergency Patches for Multiple Security Vulnerabilities
Severity: High (Score: 74.0)
Sources: Gbhackers, Cybersecuritynews
Keywords: gitlab, multiple, edition, patches, authorization, flaws, community
Severity indicators: flaw
Summary
GitLab has released urgent security patches for versions 19.0.1, 18.11.4, and 18.10.7 to address seven vulnerabilities affecting both Community Edition (CE) and Enterprise Edition (EE). The flaws include access control issues in Duo AI workflows, a denial-of-service (DoS) vulnerability in the Wiki feature, and various authorization bugs across multiple endpoints. Self-managed installations are advised to upgrade immediately to mitigate potential exploitation. The vulnerabilities could allow unauthorized access and service disruptions, impacting a wide range of users relying on GitLab for development operations. GitLab's advisory emphasizes the critical nature of these updates for maintaining security integrity.
Key Points:
- GitLab released patches for seven critical vulnerabilities affecting CE and EE.
- Flaws include Duo AI access control issues and a Wiki DoS vulnerability.
- Self-managed installations are urged to upgrade immediately to prevent exploitation.
Detailed Analysis
**Impact**
Self-managed GitLab installations running Community Edition (CE) and Enterprise Edition (EE) releases earlier than the patched versions 19.0.1, 18.11.4, and 18.10.7 are affected. The vulnerabilities impact access control in Duo AI workflow runners, authorization mechanisms across GraphQL, Duo Workflows, Operations, Pipelines, and authentication endpoints, as well as a Wiki denial-of-service flaw. The scope includes organizations using GitLab for software development and CI/CD pipelines, potentially affecting multiple sectors globally. Data at risk includes repository contents and the operational integrity of development workflows.
**Technical Details**
The release addresses seven security issues related to Duo AI workflow runner access control, denial of service in Wiki functionality, and multiple authorization bugs across various GitLab components. No specific CVEs or malware/tools are mentioned in the articles. The attack vectors involve exploiting authorization flaws and denial-of-service weaknesses in self-managed GitLab instances. No indicators of compromise (IOCs) or infrastructure details were provided.
**Recommended Response**
Apply the emergency security patches by upgrading to GitLab version 19.0.1, 18.11.4, or 18.10.7 (whichever matches the branch in use) immediately on all self-managed CE and EE instances. Monitor authentication and workflow runner logs for unusual access patterns or failed authorization attempts. Harden access controls around Duo AI workflows and review configurations related to GraphQL and pipeline permissions. No additional IOCs or detection signatures are currently available.
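A small inventory check that maps each running GitLab version to the fixed release on its branch, added here as an example and not part of the advisory or of GitLab's own tooling. It assumes (the page names only the fixed versions) that every earlier patch level on the 19.0, 18.11 and 18.10 branches is affected and that branches not listed are out of scope and need manual review; the host names and versions in the sample are constructed.

```python
from __future__ import annotations

# Fixed releases named in the advisory, keyed by (major, minor) branch.
# Assumption (not stated on the page): every earlier patch level on the same
# branch is affected; branches not listed here are out of scope / unknown.
PATCHED_RELEASES = {
    (19, 0): (19, 0, 1),
    (18, 11): (18, 11, 4),
    (18, 10): (18, 10, 7),
}


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH'; an edition suffix such as '-ee' is ignored."""
    core = text.strip().split("-")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def assess(version: str) -> str:
    """Return 'patched', 'upgrade' or 'unlisted-branch' for a running version."""
    major, minor, patch = parse_version(version)
    fixed = PATCHED_RELEASES.get((major, minor))
    if fixed is None:
        return "unlisted-branch"  # not covered by the advisory; review manually
    return "patched" if (major, minor, patch) >= fixed else "upgrade"


def required_target(version: str) -> str | None:
    """Fixed release on the running branch, or None when the branch is unlisted."""
    major, minor, _ = parse_version(version)
    fixed = PATCHED_RELEASES.get((major, minor))
    return None if fixed is None else ".".join(map(str, fixed))


if __name__ == "__main__":
    # Constructed sample inventory; these are not real hosts.
    inventory = [("ci-1", "18.11.3-ee"), ("ci-2", "19.0.1"), ("ci-3", "18.9.2")]
    for host, ver in inventory:
        print(f"{host:6} {ver:12} {assess(ver):16} target={required_target(ver)}")
```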
Source articles (2)
- GitLab Patches Multiple Duo AI, DoS, and Authorisation Vulnerabilities — Gbhackers · 2026-05-29
  GitLab has released patch versions 19.0.1, 18.11.4, and 18.10.7 to fix seven security issues affecting GitLab CE and EE, including Duo AI workflow runner access control, a Wiki denial-of-service flaw,…
- GitLab Patches Multiple Duo AI, DoS, and Authorization Flaws in Community and Enterprise Edition — Cybersecuritynews · 2026-05-30
  GitLab has released emergency security updates for both Community Edition (CE) and Enterprise Edition (EE), addressing multiple Duo AI, denial-of-service, and authorization flaws in recent versions of…
Timeline
- 2026-05-27 — GitLab releases security updates: Versions 19.0.1, 18.11.4, and 18.10.7 were shipped to address multiple vulnerabilities.
- 2026-05-29 — Patches announced: GitLab confirmed the release of patches for critical vulnerabilities affecting self-managed installations.
Related entities
- DDoS (Attack Type)
- Denial of Service (Attack Type)
- Gitlab (Platform)