A vulnerability identified as critical has been detected in GitLab up to 18.11.6/19.0.3/19.1.1. This affects an unknown function of the component GraphQL Operations. The manipulation leads to improper authorization.

This vulnerability is traded as CVE-2026-6352. It is possible to initiate the attack remotely. There is no exploit available.