diff --git a/ee/spec/requests/custom_roles/admin_vulnerability/request_spec.rb b/ee/spec/requests/custom_roles/admin_vulnerability/request_spec.rb
index 1492ef1491dd337600bd627b6ac0a05f6b941db9..f7aa4b636661752706f95dad2737b24532756790 100644
--- a/ee/spec/requests/custom_roles/admin_vulnerability/request_spec.rb
+++ b/ee/spec/requests/custom_roles/admin_vulnerability/request_spec.rb
@@ -5,7 +5,7 @@
 RSpec.describe 'User with admin_vulnerability custom role', feature_category: :system_access do
   let_it_be(:user) { create(:user) }
   let_it_be(:project) { create(:project, :repository, :in_group) }
-  let_it_be(:role) { create(:member_role, :guest, :admin_vulnerability, namespace: project.group) }
+  let_it_be_with_reload(:role) { create(:member_role, :guest, :admin_vulnerability, namespace: project.group) }
   let_it_be(:membership) { create(:group_member, :guest, user: user, source: project.group, member_role: role) }
 
   before do
@@ -92,7 +92,14 @@
       })
     end
 
-    pending "has access via a custom role" do
+    before do
+      role.update_column(:admin_merge_request, true)
+      allow_next_instance_of(Commits::CommitPatchService) do |service|
+        allow(service).to receive(:execute).and_return(status: :success)
+      end
+    end
+
+    it "has access via a custom role" do
       post_graphql_mutation(graphql_mutation(:security_finding_create_merge_request, {
         uuid: security_finding.uuid.to_s
       }), current_user: user)