PT-2026-34522 · Gitlab · Gitlab Ce/Ee

Published: 2026-04-22 · Updated: 2026-04-24 · CVE-2026-3254

CVSS v3.1: 3.5 (Low)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

GitLab CE/EE versions 18.11 through 18.11.0

Description

Improper input validation in the Mermaid sandbox could allow an authenticated user to load unauthorized content into another user's browser.

Recommendations

Update to version 18.11.1.

Exploit

Fix

Clickjacking


Weakness Enumeration

Related Identifiers

BIT-GITLAB-2026-3254
CVE-2026-3254

Affected Products

Gitlab Ce/Ee