Security Advisory

GitLab product security update advisory

Jun 01 2026

GitLab product security update advisory

GitLab product security update advisory

GitLab has released a security update to address a vulnerability in GitLab EE.

Resolved vulnerabilities

CVE-2026-4868: An access control flaw in GitLab EE.
CVE-2026-7481: A cross-site scripting (XSS) vulnerability in GitLab EE that could allow malicious script to be injected into a web page.

Affected Versions

CVE-2026-4868.
- GitLab EE versions 18.8 and above, but below 18.10.7.
- GitLab EE versions 18.11 and above but below 18.11.4.
- GitLab EE version 19.0 or later but before 19.0.1.
CVE-2026-7481.
- GitLab EE version 16.4 or later but not earlier than 18.9.7.
- GitLab EE version 18.10 or later but not earlier than 18.10.6.
- GitLab EE version 18.11 or later but less than 18.11.3.

Corresponding versions

CVE-2026-4868 is resolved in GitLab EE versions 18.10.7, 18.11.4, and 19.0.1.
CVE-2026-7481 is resolved in GitLab EE versions 18.9.7, 18.10.6, and 18.11.3.

GitLab advised users to update to the latest version of the Vulnerability Patch by following the instructions on the reference site.

Previous Post

DAEMON Tools Lite Security Update Advisory (CVE-2026-8398)

Next Post

Notepad++ Security Update Advisory