Threat Advisory

GitLab Flaw Lets Attackers Read Arbitrary Files and Steal Sessions

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High
[subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

Multiple security vulnerabilities affecting GitLab versions The flaws affect a wide range of GitLab CE and EE builds before the fix have been identified in GitLab, affecting a wide range of Community and Enterprise Edition builds before the fix. The flaws pose a significant risk to users, as they can lead to session theft and repository tampering. Affected versions include 19.1.2, 19.0.4, and 18.11.7.

CVE-2026-6896 (CVSS 8.7 — High Severity): A stored cross-site scripting bug sits in the vulnerability evidence table renderer. An attacker can plant a script through unsanitized input, which runs when a victim views the page.[/subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

Multiple security vulnerabilities affecting GitLab versions The flaws affect a wide range of GitLab CE and EE builds before the fix have been identified in GitLab, affecting a wide range of Community and Enterprise Edition builds before the fix. The flaws pose a significant risk to users, as they can lead to session theft and repository tampering. Affected versions include 19.1.2, 19.0.4, and 18.11.7.

CVE-2026-6896 (CVSS 8.7 — High Severity): A stored cross-site scripting bug sits in the vulnerability evidence table renderer. An attacker can plant a script through unsanitized input, which runs when a victim views the page.[emaillocker id="1283"]

CVE-2026-13320: HTML injection is possible through wiki markup. This allows an attacker to inject malicious code into the system.

These vulnerabilities collectively present a significant risk to users who have not updated their GitLab installations.

RECOMMENDATION:

We recommend you to update GitLab to version 19.1.2, 19.0.4, or 18.11.7.

REFERENCES:

The following reports contain further technical details:

[/emaillocker]
crossmenu