PT-2026-40875 · Gitlab · Gitlab Ce/Ee

Published

2026-05-14

·

Updated

2026-05-18

·

CVE-2026-6883

CVSS v3.1

4.3

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions GitLab EE versions 15.7 through 18.9.6 GitLab EE versions 18.10 through 18.10.5 GitLab EE versions 18.11 through 18.11.2
Description An issue exists where an authenticated user can bypass merge request approval requirements. This occurs due to the improper cleanup of orphaned policy records, which are outdated or disconnected configuration entries that remain in the system after the associated policy has been deleted.
Recommendations Update versions 15.7 through 18.9.6 to 18.9.7. Update versions 18.10 through 18.10.5 to 18.10.6. Update versions 18.11 through 18.11.2 to 18.11.3.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BIT-GITLAB-2026-6883
CVE-2026-6883

Affected Products

Gitlab Ce/Ee