225
CVEs
7
Critical
59
High
0
KEV
35
PoC
32
Unpatched C/H
52.4%
Patch Rate
0.1%
Avg EPSS
Severity Breakdown
CRITICAL
7
HIGH
59
MEDIUM
125
LOW
33
Monthly CVE Trend
Affected Products (30)
Open Redirect
18
Ubuntu
14
Kubernetes
12
Linux Kernel
8
Docker
5
Node.js
5
Jwt Attack
5
Debian Linux
4
Github Branch Source
3
Mattermost
3
Java
3
Gitlab Authentication
3
Gitlab Shell
3
Session Fixation
3
Violation Comments To Gitlab
2
Gitlab Vscode Extension
2
Runner
2
Gitea
2
Redis
2
Gitlab Hook
2
Grafana
2
Gitlab Oauth
2
Coolify
2
Teamcity
2
AI / ML
2
H410s Firmware
1
macOS
1
H300s Firmware
1
Gitlab Logo
1
Oauth2 Proxy
1
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-48801 | Denial of service in linkify-it (npm) through v5.0.0 lets remote unauthenticated attackers wedge a rendering worker by submitting tens of KB of repeated email/link-like text. The core public API LinkifyIt.prototype.match runs an O(N²) scan loop that re-slices the input and re-runs unanchored fuzzy regex searches once per match, so 64 KB of "a@b.com" burns ~2.5 s of single-threaded CPU and 128 KB ~10 s. The flaw is inherited by markdown-it (~21.6M weekly npm downloads) whenever linkify:true is set, exposing forums, chat, wikis and AI chat UIs; publicly available exploit code (a PoC in the GHSA advisory) exists, but there is no evidence of active exploitation. | HIGH | 8.7 | 0.4% | 64 |
PoC
|
| CVE-2026-8589 | Stored cross-site scripting and account integrity abuse in GitLab Enterprise Edition versions 13.1.4 through 18.10.7, 18.11 prior to 18.11.5, and 19.0 prior to 19.0.2 allows an authenticated low-privileged user to inject unsanitized input into certain group setting fields and add unauthorized email addresses to a targeted user's account. Publicly available exploit code exists via a HackerOne report, though EPSS exploitation probability remains very low at 0.02% and the SSVC framework rates current exploitation as 'none' with total technical impact when successful. | HIGH | 8.7 | 0.0% | 64 |
PoC
|
| CVE-2026-10087 | Stored cross-site scripting in GitLab Enterprise Edition's Analytics Dashboard allows an authenticated developer-role user to execute arbitrary client-side JavaScript in the browser of a targeted user, leveraging improper input sanitization. The flaw affects all 17.1 through 18.10.x, 18.11.x, and 19.0.x branches before fixed releases, and publicly available exploit code exists via a HackerOne report, raising the realistic risk of opportunistic abuse against multi-tenant GitLab instances. | HIGH | 8.7 | 0.0% | 64 |
PoC
|
| CVE-2026-6552 | Account takeover in GitLab Enterprise Edition versions 15.5 through 19.0.2 allows an authenticated group Owner to hijack other group members' accounts through improper authorization in the Group SAML identity management functionality. Publicly available exploit code exists via a HackerOne report, and GitLab released patched versions 18.10.8, 18.11.5, and 19.0.2 on 2026-06-10. The flaw stems from CWE-639 (Authorization Bypass Through User-Controlled Key) and yields a scope-changing high-impact compromise per CVSS 3.1. | HIGH | 8.7 | 0.0% | 64 |
PoC
|
| CVE-2026-3857 | A Cross-Site Request Forgery (CSRF) vulnerability in GitLab Community Edition and Enterprise Edition allows unauthenticated attackers to execute arbitrary GraphQL mutations on behalf of authenticated users without their consent. All versions from 17.10 before 18.8.7, versions 18.9 before 18.9.3, and versions 18.10 before 18.10.1 are affected. A public proof-of-concept exploit is available via HackerOne report 3584382, significantly increasing the risk of active exploitation. | HIGH | 8.1 | 0.0% | 61 |
PoC
|
| CVE-2026-4922 | Cross-Site Request Forgery (CSRF) in GitLab CE/EE allows remote unauthenticated attackers to execute GraphQL mutations as authenticated victims through crafted web pages. Affects all versions from 17.0 through 18.11.0, with publicly available exploit code (HackerOne report 3627285). Despite high CVSS 8.1, exploitation requires user interaction (phishing/social engineering) and is not automatable per CISA SSVC framework. No evidence of active exploitation in CISA KEV at time of analysis. Vendor patches released: 18.9.6, 18.10.4, and 18.11.1. | HIGH | 8.1 | 0.0% | 61 |
PoC
|
| CVE-2026-5262 | Cross-site scripting vulnerability in GitLab's Storybook development environment allows remote unauthenticated attackers to steal access tokens via crafted user interaction. Affects GitLab CE/EE versions 16.1.0 through 18.9.5, 18.10 through 18.10.3, and 18.11.0. Publicly available exploit code exists (HackerOne report 3574642), though CISA SSVC indicates no confirmed active exploitation at time of analysis. CVSS 8.0 reflects high confidentiality and integrity impact with scope change, but CVSS vector AC:H (high complexity) and UI:R (user interaction required) indicate exploitation requires targeted social engineering rather than automated mass exploitation. | HIGH | 8.0 | 0.0% | 60 |
PoC
|
| CVE-2026-5816 | Cross-site scripting (XSS) in GitLab CE/EE versions 18.10.0-18.10.3 and 18.11.0 enables unauthenticated attackers to execute arbitrary JavaScript in victim browser sessions via improper path validation. GitLab disclosed this vulnerability with publicly available exploit code (HackerOne report 3572231), though CISA SSVC indicates no active exploitation confirmed at time of analysis. CVSS 8.0 reflects the changed scope (S:C) allowing impact beyond the vulnerable component, though High attack complexity (AC:H) and required user interaction (UI:R) limit ease of exploitation. Patched in versions 18.10.4 and 18.11.1. | HIGH | 8.0 | 0.0% | 60 |
PoC
|
| CVE-2026-2995 | Improper HTML sanitization in GitLab EE versions 15.4-18.10.1 allows authenticated users to add email addresses to arbitrary user accounts, potentially enabling account takeover or unauthorized access escalation. Public exploit code exists for this vulnerability, and no patch is currently available. Affected deployments should implement access controls to restrict user modification privileges until updates become available. | HIGH | 7.7 | 0.0% | 59 |
PoC
|
| CVE-2026-7250 | Denial of service in GitLab CE/EE versions 12.10 through 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 allows unauthenticated remote attackers to crash or degrade the API request parsing middleware via malformed input. Publicly available exploit code exists (HackerOne report 3671995), and the CVSS 7.5 (AV:N/AC:L/PR:N/UI:N/A:H) reflects trivially-reachable, no-auth exploitation against any internet-exposed GitLab instance. No CISA KEV listing at time of analysis. | HIGH | 7.5 | 0.0% | 58 |
PoC
|
| CVE-2026-3988 | GitLab CE/EE contains a denial of service vulnerability in GraphQL request processing due to improper input validation (CWE-407). All versions from 18.5 through 18.8.6, 18.9 through 18.9.2, and 18.10 before 18.10.1 are affected. An unauthenticated attacker can remotely exploit this with low complexity to render GitLab instances unresponsive, and a public proof-of-concept exploit is available via HackerOne report 3597342. | HIGH | 7.5 | 0.0% | 58 |
PoC
|
| CVE-2026-2745 | GitLab CE/EE versions 7.11 through 18.10 contain an authentication bypass vulnerability in the WebAuthn two-factor authentication implementation due to inconsistent input validation, allowing unauthenticated attackers to gain unauthorized access to user accounts. The vulnerability affects a wide version range spanning multiple releases (7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1). A proof-of-concept exploit is publicly available, and while the CVSS score of 6.8 indicates moderate severity, the authentication bypass nature and active exploit availability represent a significant real-world threat to GitLab deployments. | MEDIUM | 6.8 | 0.0% | 54 |
PoC
|
| CVE-2026-1724 | GitLab EE contains an improper access control vulnerability that allows unauthenticated users to retrieve API tokens for self-hosted AI models without authentication. The vulnerability affects GitLab versions 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1, impacting any organization running these versions with AI model integrations. With a CVSS score of 6.8 and publicly available proof-of-concept code, this represents a significant credential exposure risk requiring immediate patching. | MEDIUM | 6.8 | 0.0% | 54 |
PoC
|
| CVE-2026-1322 | OAuth scope enforcement bypass in GitLab CE/EE allows an authenticated user holding a read_api-scoped OAuth token to perform unauthorized write operations - specifically creating issues and adding comments - in private projects. Affected are all GitLab Community and Enterprise Edition installations from version 16.0 up to the patched releases 18.9.7, 18.10.6, and 18.11.3. A publicly available proof-of-concept exists, and while EPSS probability is extremely low (0.01%, 1st percentile) with no CISA KEV listing, the integrity impact is rated High given the ability to inject content into private project issue trackers. | MEDIUM | 6.8 | 0.0% | 54 |
PoC
|
| CVE-2026-1660 | Denial of service in GitLab CE/EE versions 12.3 through 18.11.0 allows authenticated users to trigger excessive resource consumption during issue import operations due to improper input validation on user-supplied data. The vulnerability affects all minor versions from 12.3 onwards until patched versions 18.9.6, 18.10.4, and 18.11.1. Publicly available exploit code exists, and CISA SSVC assessment indicates the vulnerability is exploitable but not automatable at scale. | MEDIUM | 6.5 | 0.1% | 53 |
PoC
|