wid-sec-w-2026-1010  ·  Published 2026-04-08  ·  Source: BSI CERT-Bund

GitLab CE/EE: Multiple Vulnerabilities

CVSS: N/A

Risk Summary

GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that in Code Quality reports could have allowed an authenticated user to leak IP addresses of users viewing the report via specially crafted content.

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers due to improper input sanitization.

Affected Vendors

Open Source

Affected Products (6)

Open Source · GitLab <18.9.5
Open Source · GitLab 18.9.5
Open Source · GitLab <18.10.3
Open Source · GitLab 18.10.3
Open Source · GitLab <18.8.9
Open Source · GitLab 18.8.9
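To tell quickly whether a deployed instance falls inside the ranges stated in the Risk Summary, here is an added version-range checker (not part of the advisory or of GitLab); the two issue labels and the handling of suffixes such as "-ee" are assumptions of this example, and the advisory scopes both issues to GitLab EE.

```python
# Added example, not from the BSI advisory: compare a GitLab version string with
# the affected ranges this advisory states. Lower bounds are inclusive, upper
# bounds (the fixed releases 18.8.9, 18.9.5, 18.10.3) are exclusive.
import re

def parse_version(text):
    """Turn '18.9.5', 'v18.9' or '18.10.3-ee' into a 3-part integer tuple."""
    m = re.match(r"v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

# (inclusive lower bound, exclusive upper bound) per affected release branch,
# copied from the Risk Summary above.
CODE_QUALITY_RANGES = [("18.0.0", "18.8.9"), ("18.9", "18.9.5"), ("18.10", "18.10.3")]
DASHBOARD_XSS_RANGES = [("18.2", "18.8.9"), ("18.9", "18.9.5"), ("18.10", "18.10.3")]

def in_ranges(version, ranges):
    v = parse_version(version)
    return any(parse_version(lo) <= v < parse_version(hi) for lo, hi in ranges)

def assess(version):
    """Return the set of issue labels (assumed names) from this advisory that apply."""
    issues = set()
    if in_ranges(version, CODE_QUALITY_RANGES):
        issues.add("code-quality-ip-leak")
    if in_ranges(version, DASHBOARD_XSS_RANGES):
        issues.add("analytics-dashboard-xss")
    return issues

if __name__ == "__main__":
    # constructed sample versions, including boundary values
    for v in ["18.1.4", "18.8.8", "18.8.9", "18.9.4", "18.10.3", "17.11.0"]:
        print(v, sorted(assess(v)) or "not affected by this advisory")
```

A version like 18.1.4 matches only the Code Quality issue, because the dashboard issue starts at 18.2; the fixed releases themselves return an empty set.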
