CVE-2026-4332Cross-site Scripting in Gitlab

CWE-79Cross-site Scripting15 documents5 sources
Severity
5.4MEDIUMNVD
EPSS
0.0%
top 91.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
GitlabDebian GitlabGitlab EE
Timeline
PublishedApr 8
Latest updateApr 9

Description

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers due to improper input sanitization.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages4 packages

CVEListV5gitlab/gitlab18.218.8.9+2
debiandebian/gitlab
gitlabgitlab/gitlab

🔴Vulnerability Details

1
GHSA
GHSA-26q6-hm4f-j23h: GitLab has remediated an issue in GitLab EE affecting all versions from 182026-04-09

📋Vendor Advisories

2
GitLab
CVE-2026-4332: GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that, in cust2026-04-08
Debian
CVE-2026-4332: gitlab - GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 bef...2026

🕵️Threat Intelligence

11
Wiz
CVE-2025-12664 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2026-1516 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2026-2619 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2025-9484 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2026-1752 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-4332 — Cross-site Scripting in Gitlab | cvebase