CVE-2026-7481 - Vulnerability Analysis
HighCVSS: 8.7Last Updated: May 14, 2026
GitLab EE - Stored XSS
Overview
GitLab EE >= 16.4 < 18.9.7, 18.10 < 18.10.6, and 18.11 < 18.11.3 contains a stored XSS caused by improper input sanitization, letting authenticated users with developer-role execute arbitrary JavaScript in other users' browsers, exploit requires developer-role permissions.
Severity & Score
Impact
Authenticated developers can execute arbitrary JavaScript in other users' browsers, potentially leading to session hijacking or data theft.
Mitigation
Update to versions 18.9.7, 18.10.6, 18.11.3 or later.
References
Social Media Activity(2 posts)
š CVE-2026-7481 - High (8.7) GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to execute arbitrary JavaScrip... š https://www.thehackerwire.com/vulnerability/CVE-2026-7481/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š CVE-2026-7481 - High (8.7) GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to execute arbitrary JavaScrip... š https://www.thehackerwire.com/vulnerability/CVE-2026-7481/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-7481
- Severity
- High
- CVSS Score
- 8.7
- Type
- stored_xss
- Status
- confirmed
- EPSS
- 1.6%
- Social Posts
- 2
CWE
- CWE-79
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N