
GitLab EE EUVD-2026-36223

CVE-2026-10087 · HIGH
Cross-site Scripting (XSS) (CWE-79)
2026-06-11 · GitLab · GHSA-vcvx-j5vc-8jhr
8.7 CVSS 3.1 · Vendor: GitLab

Severity by source

Vendor (GitLab) PRIMARY
8.7 HIGH
AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
vuln.today AI
8.7 HIGH

Network-reachable web UI (AV:N/AC:L), requires a low-privilege developer account (PR:L) and victim navigation (UI:R); stored XSS escapes the vulnerable component to the victim's session (S:C) with high C/I impact and no availability effect.

CVSS 3.1: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
CVSS 4.0: AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Primary rating from Vendor (GitLab).

CVSS Vector (Vendor: GitLab)

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

Patch available
Jun 11, 2026 - 13:01 EUVD
Analysis Generated
Jun 11, 2026 - 11:54 vuln.today
CVE Published
Jun 11, 2026 - 10:19 cve.org

Description (CVE.org)

GitLab has remediated an issue in GitLab EE affecting all versions from 17.1 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary client-side code on behalf of a targeted user due to improper input sanitization in the Analytics Dashboard.

Analysis (AI)

Stored cross-site scripting in GitLab Enterprise Edition's Analytics Dashboard allows an authenticated developer-role user to execute arbitrary client-side JavaScript in the browser of a targeted user, owing to improper input sanitization. The flaw affects all versions from 17.1 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2, and publicly available exploit code exists via a HackerOne report, raising the realistic risk of opportunistic abuse against multi-tenant GitLab instances.


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Obtain developer role on target GitLab EE project
Delivery: Inject XSS payload into Analytics Dashboard field
Exploit: Lure maintainer/admin to view dashboard
Execution: Payload executes in victim browser under GitLab origin
Persist: Steal session/API token or perform actions as victim
Impact: Escalate to project or instance-wide compromise

Vulnerability Assessment (AI)

Exploitation: Attacker must hold at least Developer-role membership on a GitLab EE project with the Analytics Dashboard feature available, the target instance must run an unpatched affected version (17.1-18.10.7, 18.11-18.11.4, or 19.0-19.0.1) of GitLab Enterprise Edition (Community Edition is not affected), and a victim user must navigate to the attacker-influenced Analytics Dashboard (UI:R). … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: The CVSS 3.1 vector AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N (8.7) reflects a network-reachable XSS that needs a low-privilege developer account and a user click/visit but, due to scope change, can fully impact the victim's session integrity and confidentiality within GitLab. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An attacker with a developer account on a shared GitLab EE instance crafts a project Analytics Dashboard containing a malicious payload in an unsanitized field; when a maintainer or admin opens that dashboard, the JavaScript executes in their authenticated browser context and can steal session tokens, perform CSRF-style API calls (e.g. add SSH keys, exfiltrate repositories) or pivot to higher privileges. …

Remediation: Vendor-released patch: upgrade GitLab EE to 18.10.8, 18.11.5, or 19.0.2 as appropriate for your branch, per the GitLab patch release at https://about.gitlab.com/releases/2026/06/10/patch-release-gitlab-19-0-2-released/. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended Action (AI)

Within 24 hours: Inventory all GitLab EE instances running versions 17.1-19.0.x; restrict Analytics Dashboard access to trusted administrative accounts; enable audit logging on dashboard interactions. …


EUVD-2026-36223 vulnerability details – vuln.today
