CVE-2026-5296

Sažetak

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that when foundational flows were enabled at the group level, could have allowed an authenticated user with developer-role permissions to bypass flow restrictions under certain conditions.

Reference

https://about.gitlab.com/releases/2026/05/27/patch-release-gitlab-19-0-1-released/
https://gitlab.com/gitlab-org/gitlab/-/work_items/595423
https://hackerone.com/reports/3626303

CVSS

Base:	4.3
Impact:	1.4
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Zadnje važnije ažuriranje

27-05-2026 - 20:46

Objavljeno

27-05-2026 - 19:16