GitLab Patches Multiple Duo AI, DoS, and Authorization Flaws in Community and Enterprise Edition
ID: 79bc68e6-27b6-5738-a387-f3905161e61f
STIX ID: report--79bc68e6-27b6-5738-a387-f3905161e61f
Feed Name: cybersecurityNews.com
GitLab released emergency security updates (19.0.1, 18.11.4, 18.10.7) for self-managed instances to remediate multiple vulnerabilities across Duo AI workflow runners, the Wiki component, GraphQL WorkItem APIs, pipelines, and authentication endpoints. These include a high-impact access control bug (CVE-2026-4868, CVSS 8.2) that could let authenticated users run Duo AI workflows as other users. Administrators are urged to upgrade immediately; GitLab.com is already patched.
