What happened
GitLab Enterprise Edition versions prior to 19.1.1, 19.0.3, and 18.11.6 contain a high-severity information disclosure vulnerability in the Duo Workflows AI feature. Insufficient output filtering in the Duo Workflows component could allow an authenticated user to access sensitive data — including source code — already committed to a GitLab project. The flaw was patched on June 24, 2026 and carries CVSS 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).
Why it matters
Duo Workflows is GitLab's AI-powered coding assistant, and it reads repository contents on the user's behalf. When the output filter on such a feature does not enforce the caller's permissions, the assistant itself becomes an exfiltration channel: source code, secrets, or configuration files already committed to a project can be returned to a user who should not see them, without any of the usual repository access controls being triggered. In this case any GitLab EE user with at least developer-level permissions could potentially obtain data outside their intended scope, and because the disclosure happens through an ordinary AI interaction rather than a clone or file download, it leaves little that looks suspicious in the project's access patterns.
Attack vector
An authenticated attacker with developer-role permissions interacts with the Duo Workflows AI feature; insufficient output filtering then exposes committed sensitive data from the project. Consistent with the CVSS vector, the attack is network-reachable (AV:N), needs only low privileges (PR:L), requires no interaction from another user (UI:N), and affects confidentiality only (C:H/I:N/A:N).
Affected systems
GitLab EE 19.1 prior to 19.1.1; GitLab EE 19.0 prior to 19.0.3; GitLab EE 18.11 prior to 18.11.6
Mitigation
Upgrade to GitLab EE 19.1.1, 19.0.3, or 18.11.6, whichever corresponds to the release branch you run; older branches received no fix and should be moved to 18.11.6 or later. The upgrade closes the disclosure path but does not tell you whether it was exercised, so where affected projects contain committed credentials, treat those as potentially exposed and rotate them. Advisory: https://docs.gitlab.com/releases/patches/patch-release-gitlab-19-1-1-released/
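Deciding whether an instance is affected means comparing its version against three different fix levels, one per branch, which is easy to get wrong by hand. The script below is an added example written for this page, not code from GitLab or from the advisory. It encodes the fixed versions listed above, reads the version either from a constructed sample or from a live instance via GitLab's `GET /api/v4/version` endpoint (a real endpoint that requires an authenticated token, supplied here through the hypothetical `GITLAB_URL` and `GITLAB_TOKEN` environment variables), and makes one stated assumption: releases on branches newer than 19.1 are treated as containing the fix.

```python
import json
import os
import re
import urllib.request

# Fixed versions from the advisory, keyed by release branch (major, minor).
FIXED = {
    (19, 1): (19, 1, 1),
    (19, 0): (19, 0, 3),
    (18, 11): (18, 11, 6),
}

# GitLab reports versions such as "19.0.2-ee"; we only need the numeric prefix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(raw: str) -> tuple:
    """Turn '19.0.2-ee' or '18.11.5' into (19, 0, 2); reject anything else."""
    m = _VERSION_RE.match(raw.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {raw!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(raw: str) -> bool:
    """True if this version still carries the Duo Workflows disclosure bug.

    Rules, following the advisory:
      * on a fixed branch (19.1 / 19.0 / 18.11): affected if the patch level
        is below the fix for that branch
      * on an older branch (below 18.11): affected, no fix was issued for it
      * on a newer branch (above 19.1): treated as fixed (assumption: later
        releases include the fix, which the advisory does not state explicitly)
    """
    version = parse_version(raw)
    branch = version[:2]
    if branch in FIXED:
        return version < FIXED[branch]
    oldest_fix = min(FIXED.values())
    return version < oldest_fix


def fetch_version(base_url: str, token: str) -> str:
    """Query GET /api/v4/version on a live instance and return its version string."""
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/api/v4/version",
        headers={"PRIVATE-TOKEN": token},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["version"]


# Constructed sample responses (not captured from any real instance) covering
# each branch, an unsupported older branch and a newer one.
SAMPLE_VERSIONS = ["19.1.0-ee", "19.1.1-ee", "19.0.2-ee", "19.0.3-ee",
                   "18.11.5-ee", "18.11.6-ee", "18.10.9-ee", "19.2.0-ee"]


def report(versions) -> dict:
    """Map each version string to its affected status."""
    return {v: is_affected(v) for v in versions}


if __name__ == "__main__":
    url, token = os.environ.get("GITLAB_URL"), os.environ.get("GITLAB_TOKEN")
    if url and token:
        live = fetch_version(url, token)
        print(f"{url}: {live} -> {'AFFECTED' if is_affected(live) else 'fixed'}")
    else:
        for v, hit in report(SAMPLE_VERSIONS).items():
            print(f"{v:12} -> {'AFFECTED' if hit else 'fixed'}")
```

Run it with `GITLAB_URL` and `GITLAB_TOKEN` set to check a real instance; without them it walks the constructed samples. The comparison deliberately keys on the release branch rather than doing a single linear compare, because a linear check would wrongly report 18.11.6 as vulnerable next to 19.0.2.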