A vulnerability classified as critical was found in GitLab Community Edition and Enterprise Edition up to 18.10.7/18.11.4/19.0.1 . Affected by this vulnerability is an unknown functionality of the component Merge Request Handler . Such manipulation leads to incorrect authorization. This vulnerability is referenced as CVE-2026-6269 . It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.