EUVD-2026-15811

CVE-2026-2995 HIGH
2026-03-25 | GitLab | GHSA-3qcv-5pqj-c2h7
CVSS 3.1 base score: 7.7

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality: High
Integrity: High
Availability: None

Lifecycle Timeline

PoC Detected: Mar 26, 2026 - 17:42 (vuln.today): public exploit code
Analysis Generated: Mar 25, 2026 - 16:47 (vuln.today)
EUVD ID Assigned: Mar 25, 2026 - 16:47 (euvd): EUVD-2026-15811
CVE Published: Mar 25, 2026 - 16:33 (nvd)

Description

GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to add email addresses to targeted user accounts due to improper sanitization of HTML content.

Analysis

Improper HTML sanitization in GitLab EE versions 15.4-18.10.1 allows authenticated users to add email addresses to arbitrary user accounts, potentially enabling account takeover or unauthorized access escalation. Public exploit code exists for this vulnerability, and no patch is currently available. …


Remediation

Within 24 hours: Identify all GitLab EE instances running versions 15.4-18.10.0 and assess user exposure; restrict GitLab access to essential personnel only.
Within 7 days: Implement WAF rules to block XSS payloads targeting email modification endpoints; enable audit logging for account modifications; notify users to monitor for unauthorized email changes. …


Priority Score

Priority Score: 59
KEV: 0
EPSS: +0.0
CVSS: +38
POC: +20


EUVD-2026-15811 vulnerability details – vuln.today
