diff --git a/ee/app/assets/javascripts/security_dashboard/components/shared/vulnerability_report/vulnerability_report_header.vue b/ee/app/assets/javascripts/security_dashboard/components/shared/vulnerability_report/vulnerability_report_header.vue
index 5994fd8632e2b45a9070fc47cac59e4cab4cb5c4..f04f622e600cfc7e9a9d29e31cb4443812570ea7 100644
--- a/ee/app/assets/javascripts/security_dashboard/components/shared/vulnerability_report/vulnerability_report_header.vue
+++ b/ee/app/assets/javascripts/security_dashboard/components/shared/vulnerability_report/vulnerability_report_header.vue
@@ -19,10 +19,17 @@ export default {
     newVulnerabilityPath: {
       default: '',
     },
+    canAdminVulnerability: {
+      default: false,
+    },
   },
   computed: {
     shouldShowNewVulnerabilityButton() {
-      return this.glFeatures.newVulnerabilityForm && Boolean(this.newVulnerabilityPath);
+      return (
+        this.glFeatures.newVulnerabilityForm &&
+        Boolean(this.newVulnerabilityPath) &&
+        this.canAdminVulnerability
+      );
     },
   },
   i18n: {
diff --git a/ee/spec/frontend/security_dashboard/components/shared/vulnerability_report/vulnerability_report_header_spec.js b/ee/spec/frontend/security_dashboard/components/shared/vulnerability_report/vulnerability_report_header_spec.js
index 823fac10068e3167259acaad99c8f73337ef7c65..307874164e743330ab987e6ad49c8d9369603e44 100644
--- a/ee/spec/frontend/security_dashboard/components/shared/vulnerability_report/vulnerability_report_header_spec.js
+++ b/ee/spec/frontend/security_dashboard/components/shared/vulnerability_report/vulnerability_report_header_spec.js
@@ -20,6 +20,7 @@ describe('Vulnerability report header component', () => {
   it('shows the submit vulnerability button when new vulnerability path is defined', () => {
     createWrapper({
       provide: {
+        canAdminVulnerability: true,
         newVulnerabilityPath: '/vulnerabilities/new',
         glFeatures: { newVulnerabilityForm: true },
       },
@@ -33,6 +34,19 @@ describe('Vulnerability report header component', () => {
   it('does not show the submit vulnerability button when new vulnerability path is not defined', () => {
     createWrapper({
       provide: {
+        canAdminVulnerability: true,
+        glFeatures: { newVulnerabilityForm: true },
+      },
+    });
+
+    expect(wrapper.findByText('Submit vulnerability').exists()).toBe(false);
+  });
+
+  it('does not should the submit vulnerability button when user cannot admin vulnerabilities', () => {
+    createWrapper({
+      provide: {
+        canAdminVulnerability: false,
+        newVulnerabilityPath: '/vulnerabilities/new',
         glFeatures: { newVulnerabilityForm: true },
       },
     });
@@ -43,6 +57,7 @@ describe('Vulnerability report header component', () => {
   it('does not show the submit vulnerability button when the feature flag is not enabled', () => {
     createWrapper({
       provide: {
+        canAdminVulnerability: true,
         newVulnerabilityPath: '/vulnerabilities/new',
       },
     });