CVE-2026-6552

216.73.217.22

· Published 11/06/2026 14:16 · Modified 11/06/2026 17:36 · Author: The MITRE Corporation

Labels: CVE-2026-6552 2026-06-11 CVE-2026-6552 CWE-639 [email protected]

Essential information

Published: 11/06/2026 14:16
Modified: 11/06/2026 17:36
Author: The MITRE Corporation
Creator: The MITRE Corporation
CVSS: 8.7 HIGH (v3.1)
CISA KEV: No
CWE: CWE-639
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

CVSS metrics

Description

GitLab has remediated an issue in GitLab EE affecting all versions from 15.5 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with group Owner role to take over another group member's GitLab account due to improper authorization in the Group SAML identity management functionality.

NVD status

Status: Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
gitlab / gitlab	`cpe:2.3:a:gitlab:gitlab:::::community:::*`
gitlab / gitlab	`cpe:2.3:a:gitlab:gitlab:::::enterprise:::*`
gitlab / gitlab	`cpe:2.3:a:gitlab:gitlab:::::community:::*`
gitlab / gitlab	`cpe:2.3:a:gitlab:gitlab:::::enterprise:::*`
gitlab / gitlab	`cpe:2.3:a:gitlab:gitlab:::::community:::*`
gitlab / gitlab	`cpe:2.3:a:gitlab:gitlab:::::enterprise:::*`