AI description
CVE-2026-6896 describes a vulnerability in GitLab Enterprise Edition (EE) stemming from improper sanitization of user-supplied input. This flaw could allow an authenticated user with developer-role permissions to execute arbitrary scripts within another user's browser session under specific conditions. The issue impacts various versions of GitLab EE, specifically all versions from 13.11 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2. GitLab has released remediations for this vulnerability.
- Description
- GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary scripts in another user's browser session due to improper sanitization of user-supplied input.
- Source
- cve@gitlab.com
- NVD status
- Analyzed
- Products
- gitlab
CVSS 3.1
- Type
- Primary
- Base score
- 5.4
- Impact score
- 2.7
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- cve@gitlab.com
- CWE-79
- Hype score
- Not currently trending
⚠️ Vulnerabilidades en productos GitLab ❗ CVE-2026-6896 ❗ CVE-2026-13320 ➡️ Más info: https://t.co/g0xzEya8At https://t.co/7BwwpTCpeh
@CERTpy
15 Jul 2026
158 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2026-6896: GitLab has patched eight vulnerabilities, including a high-severity cross-site scripting (XSS) flaw. Users should update to v19.1.2. #CyberSecurity #CVE #GitLab #XSS #ThreatWire
@ThreatWire_
9 Jul 2026
69 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
GitLab CE/EEが8件の脆弱性を修正。深刻なクロスサイトスクリプティングCVE-2026-6896とHTMLインジェクションCVE-2026-13320が修正されている。 https://t.co/KbEwHOeDIY
@__kokumoto
9 Jul 2026
850 Impressions
0 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "32643EA5-8C1A-418A-A6B5-EDCADEC8C79E",
"versionEndExcluding": "18.11.7",
"versionStartIncluding": "13.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "77F37C9F-5A51-4AD0-A919-F74CA49F8048",
"versionEndExcluding": "19.0.4",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "71AC7E45-C1B7-4EFE-8C29-E1D7ADD3D9F4",
"versionEndExcluding": "19.1.2",
"versionStartIncluding": "19.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]