CVE-2026-8589
HighCVSS 7.3Exploitation Probability (EPSS)
Low risk5th percentile - higher than 5% of all known CVEs
Summary
GitLab has remediated an issue in GitLab EE affecting all versions from 13.1.4 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2. Under certain conditions, an authenticated user could have added unauthorized email addresses to a targeted user's account due to improper sanitization of user-supplied input in certain group setting fields.
Risk Assessment
The risk is that an authenticated user could gain access to another user's account, potentially leading to unauthorized access to data and resources. This could expose the organization to data loss and compliance issues.
Recommendation
It is recommended to update GitLab to the latest version to mitigate this vulnerability. Additionally, conduct an audit of group settings to ensure there are no other security gaps.
Original NVD description (English source)
GitLab has remediated an issue in GitLab EE affecting all versions from 13.1.4 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to add unauthorized email addresses to a targeted user's account due to improper sanitization of user-supplied input in certain group setting fields.

