PT-2026-48629 · GitLab · GitLab CE/EE

Published: 2026-06-11 · Updated: 2026-06-11 · CVE-2026-6552

CVSS v3.1: 8.7 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

GitLab EE versions 15.5 through 18.10.7

GitLab EE versions 18.11 through 18.11.4

GitLab EE versions 19.0 through 19.0.1

Description

Improper authorization in the Group SAML identity management functionality allows an authenticated user with the group Owner role to take over the account of another group member under certain conditions.

Recommendations

Update to version 18.10.8

Update to version 18.11.5

Update to version 19.0.2

Exploit

Fix

IDOR

Weakness Enumeration

Related Identifiers

CVE-2026-6552

Affected Products

GitLab CE/EE