What is the CVSS score of EUVD-2026-25046?

EUVD-2026-25046 has a CVSS 3.1 base score of 8.0 (High). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N. EPSS exploitation probability: 0.0%.

Which versions of GitLab CE/EE are affected by EUVD-2026-25046?

GitLab CE/EE versions 18.10.0-18.10.3 and 18.11.0 contain a high-severity cross-site scripting vulnerability that allows unauthenticated attackers to execute malicious code in user browsers through…. A patch is available.

Is there a public PoC exploit available for EUVD-2026-25046?

Yes, a public proof-of-concept exploit is available for EUVD-2026-25046. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate EUVD-2026-25046?

Within 24 hours: Identify all GitLab CE/EE instances running versions 18.10.0-18.10.3 or 18.11.0 and assess user exposure. Within 7 days: Apply vendor-released patches-upgrade to GitLab CE/EE version 18.10.4 or 18.11.1 or later. Within 30 days: Conduct post-patch validation, review access logs for exploitation indicators, and reset security tokens/sessions for users who accessed the platform during the vulnerable window.

GitLab CE/EE EUVD-2026-25046

| CVE-2026-5816 HIGH

Improper Resolution of Path Equivalence (CWE-41)

2026-04-22 GitLab

GHSA-gj6x-vqpx-4p3c

Information Disclosure Gitlab

8.0

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Re-analysis Queued

Apr 23, 2026 - 20:42 vuln.today

cvss_changed

PoC Detected

Apr 23, 2026 - 20:30 vuln.today

Public exploit code

Patch released

Apr 23, 2026 - 20:30 nvd

Patch available

Analysis Generated

Apr 23, 2026 - 00:16 vuln.today

Patch available

Apr 22, 2026 - 17:33 EUVD

EUVD ID Assigned

Apr 22, 2026 - 16:31 euvd

EUVD-2026-25046

Analysis Generated

Apr 22, 2026 - 16:31 vuln.today

CVE Published

Apr 22, 2026 - 16:04 nvd

HIGH 8.0

DescriptionNVD

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to improper path validation under certain conditions.

AnalysisAI

Cross-site scripting (XSS) in GitLab CE/EE versions 18.10.0-18.10.3 and 18.11.0 enables unauthenticated attackers to execute arbitrary JavaScript in victim browser sessions via improper path validation. GitLab disclosed this vulnerability with publicly available exploit code (HackerOne report 3572231), though CISA SSVC indicates no active exploitation confirmed at time of analysis. …

RemediationAI

Within 24 hours: Identify all GitLab CE/EE instances running versions 18.10.0-18.10.3 or 18.11.0 and assess user exposure. Within 7 days: Apply vendor-released patches-upgrade to GitLab CE/EE version 18.10.4 or 18.11.1 or later. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-3515 HIGH This Week

8.5 May 24

Command injection in Prefect 3.6.18's GitHub integration allows authenticated users to execute arbitrary git commands th

CVE-2026-9807 MEDIUM This Month POC

4.3 May 28

Incorrect authorization enforcement in GitLab CE/EE permits a blocked Project Access Token to continue reading private p

CVE-2026-4868 HIGH This Week

8.2 May 27

Identity confusion in GitLab EE's Duo AI workflow runners lets an authenticated, low-privileged user cause specific Duo

CVE-2026-1402 MEDIUM This Month

6.5 May 27

Denial of service in GitLab CE/EE affects all versions from 17.1 through those prior to 18.10.7, 18.11.4, and 19.0.1, al

CVE-2026-6713 MEDIUM This Month

5.3 May 27

Unauthorized private project enumeration in GitLab CE/EE exposes confidential project metadata to unauthenticated networ

EUVD-2026-25046 vulnerability details – vuln.today

Back

GitLab CE/EE EUVD-2026-25046

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Share

External POC / Exploit Code