CVE-2025-11246 | GitLab Community Edition/Enterprise Edition up to 18.5.4/18.6.2/18.7.0 GraphQL Runner Association insufficient granularity of access control (Issue 573728)

A vulnerability classified as problematic was found in GitLab Community Edition and Enterprise Edition up to 18.5.4/18.6.2/18.7.0. This issue affects some unknown processing of the component GraphQL Runner Association Handler. Such manipulation leads to insufficient granularity of access control.

This vulnerability is documented as CVE-2025-11246. The attack can be executed remotely. There is not any exploit available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More