CVE-2026-7481

GitLab · GitLab EE

A Cross-Site Scripting (XSS) vulnerability exists in GitLab EE, allowing authenticated users to inject malicious scripts into web pages viewed by other users.

Executive summary

A critical Cross-Site Scripting (XSS) vulnerability in GitLab EE allows authenticated attackers to execute malicious scripts in the context of other users' sessions.

Vulnerability

This is a stored or reflected Cross-Site Scripting (CWE-79) vulnerability. It requires a low-privileged authenticated user to interact with the application, potentially leading to session hijacking or sensitive data theft when the payload is triggered by a victim.

Business impact

An XSS attack can lead to the theft of session tokens, unauthorized actions performed on behalf of legitimate users, and the potential exposure of sensitive repository data. With a CVSS score of 8.7, the impact on integrity and confidentiality is substantial, particularly in environments where high-privilege administrators interact with the platform.

Remediation

Immediate Action: Upgrade GitLab EE to versions 18.9.7, 18.10.6, 18.11.3, or higher to remediate the vulnerability.

Proactive Monitoring: Review web access logs for suspicious input patterns and monitor for unusual activity associated with administrative accounts.

Compensating Controls: Ensure that Content Security Policy (CSP) headers are strictly configured to mitigate the impact of script injection attacks.

Exploitation status

Public Exploit Available: No — there is no confirmed public exploit or weaponized code available in our curated sources.

Analyst recommendation

GitLab instances are high-value targets for supply chain and intellectual property theft. Administrators should treat this update with high priority and apply the patches during the next available maintenance window to protect against potential XSS-based attacks.