Introduction
A missing CSRF check on GitLab's GraphQL API means that any authenticated user who visits a malicious web page could unknowingly execute mutations against their own GitLab instance, from modifying repository settings to altering project configurations. Given that GitLab CE/EE is one of the most widely deployed DevOps platforms and the vulnerable version range stretches back to 17.0, the exposure surface for self managed installations is substantial.
Technical Information
Root Cause
The vulnerability (CWE-352) exists in GitLab's /api/graphql endpoint. GraphQL mutations are the operations used to create, update, or delete data. The endpoint was not properly validating the origin of incoming state changing requests, meaning it did not enforce anti forgery token checks on mutation operations. This is a classic CSRF gap: the server trusts that any request carrying valid session cookies is intentionally issued by the authenticated user, without verifying that the request actually originated from a legitimate GitLab page.
CVSS Breakdown
The CVSS 3.1 vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N, producing a base score of 8.1 (High).
| Metric | Value | Implication |
|---|---|---|
| Attack Vector (AV) | Network (N) | Exploitable remotely over the internet |
| Attack Complexity (AC) | Low (L) | No specialized access conditions required |
| Privileges Required (PR) | None (N) | The attacker does not need prior authentication |
| User Interaction (UI) | Required (R) | A victim must interact with malicious content |
| Confidentiality (C) | High (H) | Total loss of confidentiality for the affected user session |
| Integrity (I) | High (H) | Total loss of integrity; unauthorized data modification |
| Availability (A) | None (N) | No direct impact on system availability |
The key takeaway from these metrics: the attacker needs zero privileges on the target system. The only prerequisite is that an authenticated GitLab user visits attacker controlled content.
Attack Flow
- Reconnaissance: The attacker identifies a target GitLab instance (self managed) and determines it is running a vulnerable version (17.0 through 18.11.0, 18.10.0 through 18.10.3, or 18.9.0 through 18.9.5).
- Payload crafting: The attacker creates a malicious HTML page containing a form or JavaScript that submits a GraphQL mutation request to the target's /api/graphql endpoint. The mutation could target any writable operation exposed through the GraphQL schema.
- Delivery: The attacker distributes the malicious page via phishing email, a compromised website, or any channel likely to be visited by users who are authenticated to the target GitLab instance.
- Execution: When an authenticated GitLab user visits the malicious page, the browser automatically attaches the user's valid session cookies to the forged request. The GitLab server, lacking proper anti forgery token validation on the GraphQL endpoint, processes the mutation as a legitimate authenticated request.
- Impact: The attacker's chosen mutation executes under the victim's identity. Depending on the victim's permissions, this could include modifying repository settings, changing project configurations, updating user account details, or performing any other write operation available through the GraphQL API.
The confidentiality impact is rated High because GraphQL mutations can return sensitive data in their responses, and the integrity impact is High because the attacker can make arbitrary modifications within the scope of the victim's permissions.
Patch Information
GitLab has officially patched CVE-2026-4922 in a coordinated security release published on April 22, 2026. The fix ships in three concurrent patch versions covering both the Community Edition (CE) and the Enterprise Edition (EE):
| Release Train | Fixed Version | Vulnerable Range |
|---|---|---|
| 18.11.x | 18.11.1 | 18.11.0 |
| 18.10.x | 18.10.4 | 18.10.0 to 18.10.3 |
| 18.9.x | 18.9.6 | 17.0.0 to 18.9.5 |
The patch strengthens the API's verification of request origins so that mutation requests without valid anti forgery tokens are rejected.
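To make the root cause and the fix concrete, here is an added example, written for this page and not taken from GitLab's code base, that models the decision a GraphQL endpoint makes per request: the vulnerable check trusts the session cookie alone, while the hardened check requires a session-bound anti forgery token and a matching Origin before executing a mutation. ALLOWED_ORIGIN, the Request struct, all function names and the sample requests are assumptions constructed for the example.

```ruby
require "json"

ALLOWED_ORIGIN = "https://gitlab.example.internal" # assumed instance URL
# What the server sees: the anti-forgery token stored in the session the
# browser's cookie resolved to (nil when unauthenticated), headers, body.
Request = Struct.new(:session_csrf_token, :headers, :body, keyword_init: true)

# State changing when the document's top-level operation is a mutation.
# Comments are stripped; a bare "{ ... }" document is a query. A real check
# would use the GraphQL parser rather than a keyword test.
def graphql_mutation?(body)
  doc = JSON.parse(body)["query"].to_s.gsub(/#[^\n]*/, "").strip
  doc.start_with?("mutation")
end

# Constant-time comparison so token checking does not leak via timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# The CSRF gap: a valid session cookie alone is taken as proof of intent.
def accept_vulnerable?(req)
  !req.session_csrf_token.nil?
end

# The closed gap: reads stay cookie-only, but a mutation must carry the
# session-bound token, which a cross-site page can neither read nor
# send, and any Origin header must name this instance.
def accept_hardened?(req)
  return false if req.session_csrf_token.nil?
  return true unless graphql_mutation?(req.body)
  origin = req.headers["Origin"]
  return false if origin && origin != ALLOWED_ORIGIN
  secure_equal?(req.headers["X-CSRF-Token"].to_s, req.session_csrf_token)
end

# Constructed sample traffic, not real captures.
TOKEN = "constructed-session-token"
MUTATION = '{"query":"mutation { exampleMutation(input: {}) { ok } }"}'
# Cross-site form POST: cookie attached, no token, attacker's Origin.
FORGED = Request.new(session_csrf_token: TOKEN, body: MUTATION,
                     headers: { "Origin" => "https://attacker.example" })
# Same-origin request from the GitLab frontend, token included.
LEGIT = Request.new(session_csrf_token: TOKEN, body: MUTATION,
                    headers: { "Origin" => ALLOWED_ORIGIN, "X-CSRF-Token" => TOKEN })
# Read-only query without a token stays acceptable after the fix.
READ = Request.new(session_csrf_token: TOKEN, headers: {},
                   body: '{"query":"{ me { name } }"}')
```

Running `accept_vulnerable?(FORGED)` returns true while `accept_hardened?(FORGED)` returns false, which is exactly the behavioural difference the patch introduces.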
Deployment considerations:
- GitLab.com (SaaS): Already running the patched code. No user action required.
- GitLab Dedicated: Managed by GitLab; no customer action required.
- Self managed installations: Must be upgraded to one of the three fixed versions as soon as possible. These patch releases include database migrations, so single node instances will experience some downtime during the upgrade. Multi node deployments following GitLab's zero downtime upgrade procedures can apply the patch without service interruption.
The vulnerability was initially reported by the security researcher ahacker1 through GitLab's HackerOne bug bounty program (report #3627285). GitLab has filed a corresponding internal work item (#594937), which remains confidential. Per GitLab's disclosure policy, full technical details will be made public on their issue tracker 30 days after this patch release.
Affected Systems and Versions
The vulnerability affects all GitLab CE/EE versions starting from 17.0 that have not been updated to one of the three fixed releases. Specifically:
- GitLab CE/EE 17.0.0 through 18.9.5 (fixed in 18.9.6)
- GitLab CE/EE 18.10.0 through 18.10.3 (fixed in 18.10.4)
- GitLab CE/EE 18.11.0 (fixed in 18.11.1)
GitLab.com and GitLab Dedicated environments are already patched and are not affected. Only self managed installations running versions within the ranges above are vulnerable.
Administrators should verify their current GitLab version against this matrix. Any self managed instance running a version in the affected range and exposing the GraphQL API (which is enabled by default) is susceptible.
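As an added helper for that verification step (written for this page, not GitLab tooling), the following encodes the version matrix above and reports which fixed release an instance must move to. It assumes version strings in the form GitLab prints, such as "18.10.2-ee" from `gitlab-rake gitlab:env:info`, and the JSON shape of the authenticated GET /api/v4/version endpoint; the function names are constructed.

```ruby
require "json"

# Vulnerable ranges from the fixed-version table: [low, high, fixed version].
FIX_MATRIX = [
  [[17, 0, 0],  [18, 9, 5],  "18.9.6"],
  [[18, 10, 0], [18, 10, 3], "18.10.4"],
  [[18, 11, 0], [18, 11, 0], "18.11.1"],
].freeze

# Accepts the strings GitLab reports, e.g. "18.10.2-ee"; the edition
# suffix after "-" is ignored and anything else is rejected loudly.
def parse_version(str)
  parts = str.strip.sub(/-.*\z/, "").split(".")
  unless parts.size == 3 && parts.all? { |p| p.match?(/\A\d+\z/) }
    raise ArgumentError, "not a GitLab version: #{str.inspect}"
  end
  parts.map(&:to_i)
end

# Returns the version to upgrade to, or nil when the instance is not in
# any vulnerable range (Array#<=> compares major, minor, patch in order).
def required_upgrade(version)
  v = parse_version(version)
  FIX_MATRIX.each do |low, high, fixed|
    return fixed if (low <=> v) <= 0 && (v <=> high) <= 0
  end
  nil
end

# Wrapper over the JSON body of GET /api/v4/version, which returns
# {"version": "...", "revision": "..."} for an authenticated caller.
def assess_version_response(json_body)
  version = JSON.parse(json_body).fetch("version")
  fixed = required_upgrade(version)
  return "#{version} is not in an affected range" unless fixed
  "#{version} is vulnerable; upgrade to #{fixed}"
end
```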
Vendor Security History
GitLab maintains a structured security release process with scheduled patch releases twice a month and ad hoc critical patches for high severity vulnerabilities. The company operates a bug bounty program through HackerOne, which is how CVE-2026-4922 was identified and responsibly disclosed. Notably, a prior CSRF issue on the /api/graphql endpoint was tracked in GitLab issue #324397, suggesting that CSRF protection on the GraphQL layer has been a recurring area of attention for the GitLab security team.
GitLab's 30 day disclosure window, where vulnerability details are made public on their issue tracker after the patch release, provides a defined remediation timeline for administrators. This policy balances transparency with giving organizations time to patch, but it also means that detailed exploitation information will become publicly available, making timely upgrades essential.