PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-4868 GitLab CVE debrief

GitLab has remediated an identity confusion vulnerability in GitLab Enterprise Edition (EE) affecting versions 18.8 through 18.10.6, 18.11 through 18.11.3, and 19.0.0. The flaw, rated HIGH severity (CVSS 8.2), stems from CWE-639: Authorization Bypass Through User-Controlled Key. Under specific conditions, an authenticated attacker could cause Duo AI workflow runners to execute under another user's identity due to improper user identity resolution during trigger operations. The vulnerability was reported through HackerOne and patched in versions 18.10.7, 18.11.4, and 19.0.1. No known exploitation in the wild has been reported, and this CVE is not listed in CISA's Known Exploited Vulnerabilities catalog.

Vendor
GitLab
Product
Unknown
CVSS
HIGH 8.2
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-27
Original CVE updated
2026-05-27
Advisory published
2026-05-27
Advisory updated
2026-05-27

Who should care

Organizations running GitLab Enterprise Edition with Duo AI features enabled, particularly multi-user environments where isolating workflows between users is security-critical, and the security teams responsible for AI/ML pipeline governance and identity management on DevSecOps platforms.

Technical summary

The vulnerability exists in GitLab EE's Duo AI workflow runner trigger mechanism. When an authenticated user initiates certain Duo AI workflows, improper resolution of the user identity context could result in the workflow executing with the permissions and audit attribution of a different user. This is an authorization bypass (CWE-639) in which user-controlled input influences identity resolution. The attack requires network access, valid low-privilege credentials, and specific trigger conditions; the high attack complexity reduces but does not eliminate exploitation risk. Successful exploitation could allow cross-user workflow execution, with potential access to data or operations belonging to the impersonated user.

Defensive priority

HIGH

Recommended defensive actions

  • Upgrade GitLab EE to patched version 18.10.7, 18.11.4, or 19.0.1 (or later)
  • Verify Duo AI workflow runner configurations for unexpected execution contexts
  • Review audit logs for anomalous Duo AI workflow executions prior to patching
  • If immediate patching is not feasible, restrict access to Duo AI workflow features to trusted administrative users only
  • Monitor for unauthorized workflow executions that may indicate attempted exploitation
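The following check, added here as an illustration and not part of the advisory or of GitLab's tooling, encodes the affected ranges and first fixed releases stated above so an instance's reported version string can be triaged; it assumes version strings of the form "18.10.6-ee" or "18.10.6-ce" (edition suffix optional) such as those returned by the instance's version endpoint.

```python
"""Affected-version triage for CVE-2026-4868 (GitLab EE, Duo AI workflow runner).

Added example: the ranges below are taken from the advisory text; the version
string format with an '-ee'/'-ce' suffix is an assumption about the input.
"""
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# (first affected, last affected, first fixed), all inclusive, per the advisory.
AFFECTED_RANGES = [
    ((18, 8, 0), (18, 10, 6), (18, 10, 7)),
    ((18, 11, 0), (18, 11, 3), (18, 11, 4)),
    ((19, 0, 0), (19, 0, 0), (19, 0, 1)),
]


def parse_version(text: str) -> Version:
    """Parse '18.10.6', 'v18.10.6' or '18.10.6-ee' into a (major, minor, patch) tuple."""
    core = text.strip().lstrip("v").split("-", 1)[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def edition_of(text: str, default: str = "ee") -> str:
    """Infer the edition from an '-ee'/'-ce' suffix; fall back to `default` when absent."""
    suffix = text.strip().split("-", 1)[1].lower() if "-" in text else ""
    return suffix if suffix in ("ee", "ce") else default


def assess(version_text: str, default_edition: str = "ee") -> Tuple[bool, Optional[str]]:
    """Return (affected, first_fixed_release). GitLab CE is not affected by this CVE."""
    if edition_of(version_text, default_edition) != "ee":
        return False, None
    version = parse_version(version_text)
    for low, high, fixed in AFFECTED_RANGES:
        if low <= version <= high:  # tuple comparison orders (major, minor, patch) lexicographically
            return True, ".".join(map(str, fixed))
    return False, None


if __name__ == "__main__":
    for sample in ("18.10.6-ee", "18.11.3-ee", "19.0.0-ee", "19.0.1-ee", "18.10.6-ce", "18.7.9-ee"):
        affected, fix = assess(sample)
        print(f"{sample:12} affected={affected!s:5} upgrade_to={fix}")
```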

Evidence notes

The vulnerability affects GitLab EE only; GitLab CE is not impacted. The issue was internally tracked and remediated via the standard patch release cycle. The CVSS vector indicates a network attack vector with high attack complexity, low privileges required, no user interaction, and a scope change with high impact to confidentiality and integrity.
