PatchSiren cyber security CVE debrief
CVE-2026-6269 GitLab CVE debrief
CVE-2026-6269 is a medium-severity vulnerability in GitLab CE/EE that could allow an authenticated user with developer-role permissions to modify hidden merge requests due to incorrect authorization enforcement. The vulnerability affects all versions from 15.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2.
- Vendor: GitLab
- Product: Unknown
- CVSS: MEDIUM 5.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-11
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-11
- Advisory updated: 2026-06-11
Who should care
Users of GitLab CE/EE versions from 15.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 should be aware of this vulnerability and take steps to remediate it.
Technical summary
The vulnerability is caused by incorrect authorization enforcement in GitLab CE/EE, which allows an authenticated user with developer-role permissions to modify hidden merge requests. The CVSS score for this vulnerability is 5.4, indicating medium severity.
Defensive priority
medium
Recommended defensive actions
- Update to a patched version of GitLab CE/EE (18.10.8, 18.11.5, or 19.0.2 or later)
- Review and update permissions for developer-role users
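To triage an inventory against the affected ranges stated above, the following added example (not code from the advisory or from GitLab) checks a version string against them. The function names, the handling of `-ee`/`-ce` suffixes, and the sample hosts are assumptions made for illustration.

```python
import re

# Affected ranges as stated on this page: (first affected, first fixed).
# Versions outside these ranges are reported as not listed, nothing more.
AFFECTED_RANGES = [
    ((15, 10, 0), (18, 10, 8)),
    ((18, 11, 0), (18, 11, 5)),
    ((19, 0, 0), (19, 0, 2)),
]


def parse_version(text):
    """Parse 'MAJOR.MINOR[.PATCH]' with an optional suffix such as '-ee'."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-+].*)?\s*$", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    # A missing patch component is treated as 0 (assumption).
    return tuple(int(p) if p is not None else 0 for p in m.groups())


def minimum_fixed(version_text):
    """Return the first fixed release of the matching range, or None."""
    v = parse_version(version_text)
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= v < first_fixed:
            return ".".join(map(str, first_fixed))
    return None


def is_affected(version_text):
    """True if the version falls in a range this page lists as affected."""
    return minimum_fixed(version_text) is not None


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    inventory = [("gitlab-a", "18.10.7-ee"), ("gitlab-b", "18.11.5"),
                 ("gitlab-c", "15.9.8"), ("gitlab-d", "19.0.1-ce")]
    for host, ver in inventory:
        fixed = minimum_fixed(ver)
        status = f"AFFECTED, upgrade to {fixed} or later" if fixed else "not in a listed range"
        print(f"{host:10} {ver:12} {status}")
```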
Evidence notes
Evidence for this vulnerability comes from the NVD and CVE.org.
Official resources
CVE-2026-6269 was published on 2026-06-11T12:16:32.090Z and modified on 2026-06-11T15:22:48.573Z.