Security
GitLab security release 19.0.2, 18.11.5, 18.10.8
- Category: Security
- Status: confirmed
- Sources: GitLab patch release docs
- Summary: GitLab released versions 19.0.2, 18.11.5, and 18.10.8 on 2026-06-10 patching 12 vulnerabilities in CE and EE. High-severity CVEs include CVE-2026-6552 (improper access control in Group SAML Identity API affecting GitLab EE from 15.5, CVSS 8.7, enables full account takeover), CVE-2026-10087 (stored XSS in Analytics Dashboard, CVSS 8.7), CVE-2026-7250 (unauthenticated denial of service in Grape API JSON parsing, affects all versions from 12.10, CVSS 7.5), and CVE-2026-8589 (HTML injection in group-setting fields, CVSS 7.3).
- Why it matters: CVE-2026-6552 enables account takeover on GitLab EE via SAML; all self-managed GitLab instances should upgrade immediately to 19.0.2, 18.11.5, or 18.10.8.