CVE-2026-7377 - Vulnerability Analysis
HighCVSS: 8.7Last Updated: May 14, 2026
GitLab EE - Stored XSS
Overview
GitLab EE >= 18.7, < 18.9.7, >= 18.10, < 18.10.6, and >= 18.11, < 18.11.3 contains a stored XSS caused by improper input sanitization in customizable analytics dashboards, letting authenticated users execute arbitrary JavaScript in other users' browsers.
Severity & Score
Impact
Authenticated users can execute arbitrary JavaScript in other users' browsers, potentially leading to session hijacking or data theft.
Mitigation
Upgrade to GitLab EE 18.9.7, 18.10.6, 18.11.3 or later.
References
Social Media Activity(2 posts)
š CVE-2026-7377 - High (8.7) GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary Ja... š https://www.thehackerwire.com/vulnerability/CVE-2026-7377/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š CVE-2026-7377 - High (8.7) GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary Ja... š https://www.thehackerwire.com/vulnerability/CVE-2026-7377/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-7377
- Severity
- High
- CVSS Score
- 8.7
- Type
- stored_xss
- Status
- unconfirmed
- EPSS
- 1.9%
- Social Posts
- 2
CWE
- CWE-79
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N