GitLab
Community and Enterprise Editions
GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability - Active in CISA KEV catalog.
2026-02-04
Description
GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability - Active in CISA KEV catalog.
Remediation
FEDERAL DEADLINE: February 23, 2026 (20 days). Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. FEDERAL DEADLINE: February 23, 2026 (20 days). Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA KEV Details
Deadline: February 23, 2026
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Appeared in Briefs
February 23, 2026
February 22, 2026
February 21, 2026
February 20, 2026
February 19, 2026
February 18, 2026
February 17, 2026
February 16, 2026
February 15, 2026
February 14, 2026
February 13, 2026
February 12, 2026
February 11, 2026
February 10, 2026
February 9, 2026
February 8, 2026
February 7, 2026
February 6, 2026
February 5, 2026
February 4, 2026
---METADATA---
VENDOR: GitLab
PRODUCT: GitLab EE
AFFECTED_VERSIONS: GitLab EE: all versions from 15.5 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2
---END_METADATA---
Description Summary:
An improper authorization flaw in Group SAML identity management allows authenticated group owners to perform account takeovers of other group members.
Executive Summary:
A critical authorization vulnerability in GitLab EE has been observed in the wild, allowing authenticated group owners to compromise the accounts of other group members.
Vulnerability Details
CVE-ID: CVE-2026-6552
Affected Software: GitLab, GitLab EE
Affected Versions: GitLab EE: all versions from 15.5 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2
Vulnerability: The vulnerability stems from an improper authorization flaw within the Group SAML identity management functionality. It allows an authenticated user with a group Owner role to manipulate identity associations, enabling the takeover of another group member's account.
Business Impact
With a CVSS score of 8.7, this flaw poses a severe risk to organizational identity and access management. Because this vulnerability has been confirmed as exploited in the wild, the threat to business continuity and data integrity is immediate, potentially allowing attackers to bypass standard authentication controls and gain unauthorized access to proprietary intellectual property.
Remediation Plan
Immediate Action: Patch all affected GitLab EE installations to version 19.0.2, 18.11.5, or 18.10.8 immediately.
Proactive Monitoring: Monitor SAML authentication logs and group membership changes for suspicious modifications or unauthorized identity linking activities.
Compensating Controls: Restrict "Owner" role permissions to a minimal set of trusted administrators until the patch is successfully applied to reduce the attack surface.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 12, 2026, this vulnerability has been exploited in the wild. Given the confirmed active exploitation, this must be treated as a high-priority security incident.
Analyst Recommendation
This vulnerability represents an active and critical threat to your environment. Administrators should verify if any unauthorized SAML identity modifications have occurred in their audit logs and apply the recommended security updates without delay to prevent further exploitation.