ByteOS Network

NVD Vulnerability Details :

CVE-2026-6063

Received

Source-cve@gitlab.com

Published At-14 May, 2026 | 06:16

Updated At-14 May, 2026 | 06:16

GitLab has remediated an issue in GitLab EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user with developer-role permissions to remove code owner approval rules from merge requests due to improper access control.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 4.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Weaknesses

CWE ID	Type	Source
CWE-639	Primary	cve@gitlab.com

CWE ID: CWE-639

Type: Primary

Source: cve@gitlab.com

References

Hyperlink	Source	Resource
https://about.gitlab.com/releases/2026/05/13/patch-release-gitlab-18-11-3-released/	cve@gitlab.com	N/A
https://gitlab.com/gitlab-org/gitlab/-/work_items/596332	cve@gitlab.com	N/A
https://hackerone.com/reports/3649087	cve@gitlab.com	N/A