CVE-2026-44730: OpenCTI: Privilege escalation via GraphQL API is abusable by organization admins due to incorrect ACL on userEdit relationAdd
An organization admin can escalate their privileges by adding a user with higher privileges from a different organization to their own organization.