CVE-2026-10087
HighCVSS 8.7Exploitation Probability (EPSS)
Low risk34th percentile - higher than 34% of all known CVEs
Summary
GitLab has remediated an issue in GitLab EE affecting all versions from 17.1 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2. Under certain conditions, an authenticated user with developer-role permissions could execute arbitrary client-side code on behalf of a targeted user due to improper input sanitization in the Analytics Dashboard.
Risk Assessment
This vulnerability could lead to the execution of malicious code by authenticated users, posing a risk of data breaches and system security. Organizations should be aware of the potential threats associated with improper input sanitization.
Recommendation
It is recommended to update GitLab to the latest version to mitigate this vulnerability. Additionally, conduct a user permission audit and monitor activity in the Analytics Dashboard.
Original NVD description (English source)
GitLab has remediated an issue in GitLab EE affecting all versions from 17.1 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary client-side code on behalf of a targeted user due to improper input sanitization in the Analytics Dashboard.

