New GitLab Security Updates Fix Critical Flaws in Duo AI
ID: 040f87af-f4b1-58fc-b393-4803cbc53ac7
STIX ID: report--040f87af-f4b1-58fc-b393-4803cbc53ac7
Feed Name: securityonline.info
GitLab issued urgent security updates fixing multiple vulnerabilities across Community and Enterprise editions—most notably a high-severity Duo AI identity-spoofing flaw (CVE-2026-4868, CVSS 8.2) that could allow workflows to run under another user’s identity, plus medium-risk pipeline name resolution and project access token validation bugs (CVE-2026-8716, CVE-2026-2710). The advisory states there are no practical workarounds and urges administrators to upgrade to versions 19.0.1, 18.11.4, or 18.10.7 immediately to restore correct permission controls.
