CVE Catalog

CVE-2026-10087

HighCVSS 8.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.43%

34th percentile - higher than 34% of all known CVEs

Summary

GitLab has remediated an issue in GitLab EE affecting all versions from 17.1 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2. Under certain conditions, an authenticated user with developer-role permissions could execute arbitrary client-side code on behalf of a targeted user due to improper input sanitization in the Analytics Dashboard.

Risk Assessment

This vulnerability could lead to the execution of malicious code by authenticated users, posing a risk of data breaches and system security. Organizations should be aware of the potential threats associated with improper input sanitization.

Recommendation

It is recommended to update GitLab to the latest version to mitigate this vulnerability. Additionally, conduct a user permission audit and monitor activity in the Analytics Dashboard.

Original NVD description (English source)

GitLab has remediated an issue in GitLab EE affecting all versions from 17.1 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary client-side code on behalf of a targeted user due to improper input sanitization in the Analytics Dashboard.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS