CVE-2025-13772
Missing Authorization in GitLab
CVSS Score
7.1
EPSS Score
0.0%
EPSS Percentile
0th
GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to access and utilize AI model settings from unauthorized namespaces by manipulating namespace identifiers in API requests.
| CWE | CWE-862 |
| Vendor | gitlab |
| Product | gitlab |
| Ecosystems | |
| Industries | Technology |
| Published | Jan 9, 2026 |
| Last Updated | Jun 30, 2026 |
Stay Ahead of the Next One
Get instant alerts for gitlab gitlab
Be the first to know when new high vulnerabilities affecting gitlab gitlab are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None
Affected Versions
GitLab / GitLab
18.4 < 18.5.5 18.6 < 18.6.3 18.7 < 18.7.1
References
gitlab.com: https://gitlab.com/gitlab-org/gitlab/-/issues/581268 about.gitlab.com: https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/ access.redhat.com: https://access.redhat.com/security/cve/CVE-2025-13772 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2428224 security.access.redhat.com: https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13772.json
Credits
This vulnerability has been discovered internally by GitLab team member [Jessie Young] (https://gitlab.com/jessieay)