CVE-2026-4868 Overview
GitLab disclosed an authorization flaw in GitLab Enterprise Edition (EE) that allows an authenticated user to execute specific Duo AI workflows under another user's identity. The issue stems from improper user identity resolution when triggering Duo AI workflow runners. The vulnerability affects all GitLab EE versions from 18.8 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1. It maps to [CWE-639] Authorization Bypass Through User-Controlled Key. GitLab released patched versions on May 27, 2026.
Critical Impact
An authenticated attacker can cause Duo AI workflows to run as another user, breaking the security boundary between accounts and enabling unauthorized actions within the victim's project context.
Affected Products
- GitLab Enterprise Edition versions 18.8 through 18.10.6
- GitLab Enterprise Edition versions 18.11 through 18.11.3
- GitLab Enterprise Edition version 19.0.0
Discovery Timeline
- 2026-05-27 - GitLab releases security patch in versions 18.10.7, 18.11.4, and 19.0.1
- 2026-05-27 - CVE-2026-4868 published to NVD
- 2026-05-27 - Last updated in NVD database
Technical Details for CVE-2026-4868
Vulnerability Analysis
The vulnerability resides in the Duo AI workflow runner subsystem of GitLab EE. When a user triggers a Duo AI workflow, the platform fails to correctly resolve the identity associated with the workflow run. Under specific conditions, the runner executes the workflow using a different user's identity instead of the requester's identity. This breaks GitLab's authorization model, where workflow actions inherit and are constrained by the initiating user's permissions. The flaw is classified under [CWE-639] Authorization Bypass Through User-Controlled Key, indicating that attacker-controlled inputs influence whose context the workflow assumes.
Root Cause
The root cause is improper user identity resolution in the code path that hands off workflow execution to the Duo AI runner. Rather than binding the runner session to the authenticated requester through a server-validated identifier, the resolution logic accepts or derives an identity that can resolve to a different account under certain trigger conditions. The result is an authorization gap between the request layer and the execution layer.
Attack Vector
Exploitation requires network access to the GitLab instance and a low-privileged authenticated account. The attacker triggers a Duo AI workflow under conditions that cause the runner to resolve identity to another user. Subsequent workflow actions, such as repository reads, code generation against private projects, or AI-driven changes, execute with the victim's permissions. Attack complexity is high because the attacker must satisfy specific preconditions for the identity mismatch to occur. No user interaction from the victim is required.
No public proof-of-concept code is available. Technical specifics are tracked in the GitLab Work Item Details and the HackerOne Report #3619872.
Detection Methods for CVE-2026-4868
Indicators of Compromise
- Duo AI workflow audit events where the triggering user does not match the identity used by the workflow runner during execution.
- Unexpected access to private projects, snippets, or merge requests by Duo AI workflows correlated to users who did not initiate the action.
- Workflow runs against repositories that the initiating account does not have permission to view directly.
Detection Strategies
- Review GitLab audit logs and Duo AI workflow execution logs for discrepancies between the triggered_by field and the effective identity that performed downstream API calls.
- Correlate workflow_run events with project access events to flag executions that touch resources outside the requester's authorized scope.
- Hunt for repeated Duo AI workflow triggers from a single low-privileged account that produce access patterns inconsistent with that account's normal project membership.
Monitoring Recommendations
- Forward GitLab application, audit, and Duo workflow logs to a centralized analytics platform and alert on identity-mismatch patterns.
- Baseline Duo AI workflow usage per user and alert on volume spikes or access to newly touched projects.
- Monitor administrative endpoints related to Duo AI configuration for unexpected changes following suspicious workflow runs.
How to Mitigate CVE-2026-4868
Immediate Actions Required
- Upgrade GitLab EE to 18.10.7, 18.11.4, or 19.0.1 as applicable to your release branch.
- Audit Duo AI workflow runs since the affected versions were deployed and validate that the executing identity matches the initiating user.
- Rotate tokens or credentials exposed to any Duo AI workflow that shows identity discrepancies in audit data.
Patch Information
GitLab published fixed releases on May 27, 2026. The fix is included in GitLab EE versions 18.10.7, 18.11.4, and 19.0.1. Refer to the GitLab Patch Release Note for upgrade guidance and full release contents.
Workarounds
- Disable Duo AI workflow features at the instance or group level until the upgrade is completed if patching cannot be performed immediately.
- Restrict Duo AI workflow access to a limited set of trusted users through role-based permissions while the patch is staged.
- Increase logging verbosity for Duo AI workflow execution to capture identity resolution events for forensic review.
# Upgrade examples for self-managed GitLab EE
# Omnibus on Debian/Ubuntu
sudo apt-get update && sudo apt-get install gitlab-ee=19.0.1-ee.0
# Omnibus on RHEL/CentOS
sudo yum install gitlab-ee-19.0.1-ee.0
# Verify installed version
sudo gitlab-rake gitlab:env:info | grep "GitLab information" -A 2
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
