What is CVE-2026-11379?

CVE-2026-11379 is a medium-severity vulnerability in Gitlab, classified under Incorrect Authorization. CVSS score: 5.3/10. Published 2026-06-25.

How severe is CVE-2026-11379?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Auth bypass in Gitlab

CVE-2026-11379

GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 prior to 18.11.6, 19.0 prior to 19.0.3, and 19.1 prior to 19.1.1 in which incorrect authorization in DAST site profile management could allow a user with Develop…

Vulnerability class: Broken Access Control

EPSS: 0.002 (8.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Gitlab — versions 13.11, 19.0, 19.1

Weakness classification (CWE)

CWE-863 — Incorrect Authorization

References

cve@gitlab.com
cve@gitlab.com

Frequently asked questions

What is CVE-2026-11379?: CVE-2026-11379 is a medium-severity vulnerability in Gitlab, classified under Incorrect Authorization. CVSS score: 5.3/10. Published 2026-06-25.
How severe is CVE-2026-11379?: Medium severity. CVSS v3 base score is 5.3 out of 10.