Vulnerability  ·  2026-05-28

CVE-2026-4868: GitLab EE Duo AI Workflow Identity Impersonation — Authenticated User Can Run AI Workflows as Another User

Vulnerability · High impact · Global · CVE-2026-4868
GitLab Enterprise Edition contains an improper user identity resolution vulnerability in its Duo AI workflow runner. Under certain conditions, an authenticated user can cause specific Duo AI workflows to execute under another user's identity, bypassing the intended authorization model for AI-assisted operations. The flaw affects all GitLab EE versions from 18.8 through 18.10.6, 18.11 through 18.11.3, and 19.0 through 19.0.0. GitLab, acting as the CNA, assigned a CVSS 3.1 score of 8.2 HIGH (AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N).
The flaw is network-accessible and requires only low privilege (an authenticated user). The attacker triggers a Duo AI workflow under conditions that cause the runner to resolve the wrong user identity, so the workflow's actions are attributed to, and/or executed with the permissions of, another user. The High attack complexity (AC:H) indicates that specific triggering conditions are required, while the High confidentiality and integrity impact (C:H/I:H) with Changed scope (S:C) indicates a cross-tenant or cross-permission-boundary impact when the flaw is exploited.
GitLab Enterprise Edition (EE) versions 18.8.0 through 18.10.6, 18.11.0 through 18.11.3, and 19.0.0 are affected. GitLab.com SaaS instances were patched server-side; self-managed GitLab EE deployments require an immediate upgrade.
Upgrade to a patched version: GitLab EE 18.10.7, 18.11.4, or 19.0.1 (patch release published May 27, 2026). Organizations that cannot upgrade immediately should review Duo AI workflow usage, audit recent Duo AI activity logs for unexpected identity attribution, and consider temporarily restricting Duo AI workflow capabilities until the patch can be applied.
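The following is an added example, not code from GitLab or from this advisory's authors: a small Python check that takes the version string a self-managed instance reports (the same format GitLab's version API, GET /api/v4/version, returns, e.g. "18.10.5-ee") and tells you whether it falls inside the affected ranges above and which patched release to move to. Treating a missing "-ee" suffix as Community Edition is an assumption of this example; the ranges and fixed versions are those stated in the advisory.

```python
"""Check a GitLab version string against the CVE-2026-4868 affected ranges."""
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# (first affected, last affected, fixed release); inclusive bounds taken from the advisory.
AFFECTED_RANGES = [
    ((18, 8, 0), (18, 10, 6), "18.10.7"),
    ((18, 11, 0), (18, 11, 3), "18.11.4"),
    ((19, 0, 0), (19, 0, 0), "19.0.1"),
]

# "MAJOR.MINOR.PATCH" with an optional "-ee" style edition suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-([A-Za-z0-9]+))?$")


def parse_version(version: str) -> Tuple[Version, bool]:
    """Return ((major, minor, patch), is_ee); raise ValueError on unexpected input."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {version!r}")
    nums = tuple(int(x) for x in m.group(1, 2, 3))
    # Assumption: the "-ee" suffix marks Enterprise Edition; anything else is treated as CE.
    return nums, m.group(4) == "ee"  # type: ignore[return-value]


def check_cve_2026_4868(version: str) -> Tuple[bool, Optional[str]]:
    """Return (affected, fixed_release). The flaw is EE-only, so CE is reported as unaffected."""
    nums, is_ee = parse_version(version)
    if not is_ee:
        return False, None
    for low, high, fixed in AFFECTED_RANGES:
        if low <= nums <= high:  # tuple comparison is lexicographic: major, then minor, then patch
            return True, fixed
    return False, None


if __name__ == "__main__":
    # Constructed sample version strings, not taken from any real instance.
    for v in ["18.9.2-ee", "18.10.7-ee", "18.11.1-ee", "19.0.0-ee", "19.0.1-ee", "18.10.2"]:
        affected, fixed = check_cve_2026_4868(v)
        print(f"{v:12} affected={str(affected):5} upgrade_to={fixed}")
```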
Sources
NVD — CVE-2026-4868
GitLab Patch Release — 19.0.1 Released