PT-2026-27992 · GitLab · GitLab CE/EE

Published: 2026-03-25 · Updated: 2026-03-27 · CVE-2026-2995

CVSS v3.1: 7.7 (High)

Vector: AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

GitLab EE versions 15.4 through 18.8.6
GitLab EE versions 18.9 through 18.9.2
GitLab EE versions 18.10 through 18.10.0

Description

An authenticated user could add email addresses to targeted user accounts due to improper sanitization of HTML content.

Recommendations

Update GitLab EE to version 18.8.7 or later.
Update GitLab EE to version 18.9.3 or later.
Update GitLab EE to version 18.10.1 or later.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2026-06379
BIT-GITLAB-2026-2995
CVE-2026-2995

Affected Products

GitLab CE/EE