{"api_version":"1","generated_at":"2026-07-09T18:45:07+00:00","cve":"CVE-2026-13151","urls":{"html":"https://cve.report/CVE-2026-13151","api":"https://cve.report/api/cve/CVE-2026-13151.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-13151","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-13151"},"summary":{"title":"Incorrect Authorization in GitLab","description":"GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to modify group-level settings beyond their intended permissions due to improper authorization controls.","state":"PUBLISHED","assigner":"GitLab","published_at":"2026-07-08 21:16:46","updated_at":"2026-07-09 16:39:17"},"problem_types":["CWE-863","CWE-863 CWE-863: Incorrect Authorization"],"metrics":[{"version":"3.1","source":"cve@gitlab.com","type":"Secondary","score":"2.7","severity":"LOW","vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N","baseScore":2.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"2.7","severity":"LOW","vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":2.7,"baseSeverity":"LOW","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N","version":"3.1"}}],"references":[{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/598813","name":"https://gitlab.com/gitlab-org/gitlab/-/work_items/598813","refsource":"cve@gitlab.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://docs.gitlab.com/releases/patches/patch-release-gitlab-19-1-2-released/","name":"https://docs.gitlab.com/releases/patches/patch-release-gitlab-19-1-2-released/","refsource":"cve@gitlab.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-13151","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-13151","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"GitLab","product":"GitLab","version":"affected 16.10 18.11.7 semver","platforms":[]},{"source":"CNA","vendor":"GitLab","product":"GitLab","version":"affected 19.0 19.0.4 semver","platforms":[]},{"source":"CNA","vendor":"GitLab","product":"GitLab","version":"affected 19.1 19.1.2 semver","platforms":[]}],"timeline":[],"solutions":[{"source":"CNA","title":"","value":"Upgrade to versions 18.11.7, 19.0.4, 19.1.2 or above.","time":"","lang":"en"}],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"This vulnerability has been discovered internally by GitLab team member zli","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-13151","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-07-09T14:25:42.875527Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-07-09T14:25:51.832Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"cpes":["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"GitLab","repo":"git://git@gitlab.com:gitlab-org/gitlab.git","vendor":"GitLab","versions":[{"lessThan":"18.11.7","status":"affected","version":"16.10","versionType":"semver"},{"lessThan":"19.0.4","status":"affected","version":"19.0","versionType":"semver"},{"lessThan":"19.1.2","status":"affected","version":"19.1","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"This vulnerability has been discovered internally by GitLab team member zli"}],"descriptions":[{"lang":"en","value":"GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to modify group-level settings beyond their intended permissions due to improper authorization controls."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":2.7,"baseSeverity":"LOW","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-863","description":"CWE-863: Incorrect Authorization","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-07-08T20:46:18.853Z","orgId":"ceab7361-8a18-47b1-92ba-4d7d25f6715a","shortName":"GitLab"},"references":[{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/598813"},{"url":"https://docs.gitlab.com/releases/patches/patch-release-gitlab-19-1-2-released/"}],"solutions":[{"lang":"en","value":"Upgrade to versions 18.11.7, 19.0.4, 19.1.2 or above."}],"title":"Incorrect Authorization in GitLab"}},"cveMetadata":{"assignerOrgId":"ceab7361-8a18-47b1-92ba-4d7d25f6715a","assignerShortName":"GitLab","cveId":"CVE-2026-13151","datePublished":"2026-07-08T20:46:18.853Z","dateReserved":"2026-06-24T10:43:58.146Z","dateUpdated":"2026-07-09T14:25:51.832Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-07-08 21:16:46","lastModifiedDate":"2026-07-09 16:39:17","problem_types":["CWE-863","CWE-863 CWE-863: Incorrect Authorization"],"metrics":{"cvssMetricV31":[{"source":"cve@gitlab.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N","baseScore":2.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:25:42.875527Z","id":"CVE-2026-13151","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"13151","Ordinal":"1","Title":"Incorrect Authorization in GitLab","CVE":"CVE-2026-13151","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"13151","Ordinal":"1","NoteData":"GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to modify group-level settings beyond their intended permissions due to improper authorization controls.","Type":"Description","Title":"Incorrect Authorization in GitLab"}]}}}