- GitLab has released a security update that addresses multiple vulnerabilities in its products.
- The vulnerabilities addressed are CVE-2026-6552, CVE-2026-7250, CVE-2026-8589, and CVE-2026-10087.
- CVE-2026-10087 is a cross-site scripting (XSS) vulnerability in GitLab EE that allows malicious script to be injected into web pages served by the instance.
- CVE-2026-6552 is an improper access control vulnerability in GitLab EE.
- CVE-2026-7250 is a denial-of-service (DoS) vulnerability in GitLab CE/EE, i.e. it can be used to make the service unavailable.
- CVE-2026-8589 is an HTML injection vulnerability in GitLab EE.
- Affected versions are vulnerability-specific and span multiple version bands of GitLab CE/EE and GitLab EE.
- Fixed versions are 18.10.8 and later, 18.11.5 and later, and 19.0.2 and later: GitLab EE for CVE-2026-6552, CVE-2026-8589, and CVE-2026-10087, and GitLab CE/EE for CVE-2026-7250.
- GitLab administrators should follow the instructions in the referenced advisory and upgrade to a fixed version.
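The practical question for an operator is whether a given instance already runs a fixed release, and if not, which of the four CVEs apply to its edition. The following is an added example, not GitLab's code and not part of the advisory, that encodes the fixed versions above (18.10.8, 18.11.5, 19.0.2) and the CE/EE split. It assumes, as the advisory does not state, that minor branches newer than 19.0 were cut after the fix and include it, that branches older than 18.10 receive no backport, and that a version string without a `-ce`/`-ee` suffix belongs to an EE instance (the conservative reading). The `SAMPLE_API_RESPONSE` is a constructed stand-in for what the authenticated `GET /api/v4/version` endpoint returns, not a real instance response.

```python
"""Check a GitLab version string against the fixed versions in this advisory.

Added example, not GitLab code. Fixed versions from the advisory: 18.10.8,
18.11.5 and 19.0.2, plus later patch releases within each of those branches.
Assumptions (not stated on the page): minor branches newer than 19.0 were cut
after the fix and therefore include it; branches older than 18.10 receive no
backport and are treated as unfixed; a missing edition suffix means EE.
"""
import json
import re

# (major, minor) branch -> first patch release carrying the fix.
FIXED = {(18, 10): 8, (18, 11): 5, (19, 0): 2}
OLDEST_FIXED_BRANCH = min(FIXED)  # (18, 10): anything older is out of support

# Per the advisory: the DoS affects CE and EE, the other three affect EE only.
ALL_EDITIONS = {"CVE-2026-7250"}
EE_ONLY = {"CVE-2026-6552", "CVE-2026-8589", "CVE-2026-10087"}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(ce|ee))?")


def parse_version(s):
    """'18.11.3-ee' -> ((18, 11, 3), 'ee').

    Edition defaults to 'ee' when the suffix is absent (assumption: the
    conservative choice, since more CVEs apply to EE).
    """
    m = _VERSION_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {s!r}")
    major, minor, patch, edition = m.groups()
    return (int(major), int(minor), int(patch)), (edition or "ee")


def is_fixed(version):
    """True if (major, minor, patch) is at or above the fixed release."""
    major, minor, patch = version
    branch = (major, minor)
    if branch in FIXED:
        return patch >= FIXED[branch]
    if branch < OLDEST_FIXED_BRANCH:
        return False  # older branch: no backport, treat as unfixed
    return True  # newer branch, assumed cut after the fix (see docstring)


def exposed_cves(version_string):
    """Return the set of advisory CVEs that still apply to this instance."""
    version, edition = parse_version(version_string)
    if is_fixed(version):
        return set()
    return set(ALL_EDITIONS) | (set(EE_ONLY) if edition == "ee" else set())


# Constructed sample of the JSON body returned by GET /api/v4/version (the
# real endpoint requires an authenticated token); not a real instance response.
SAMPLE_API_RESPONSE = '{"version":"18.11.3-ee","revision":"abcdef12"}'


def check_api_response(body):
    """Feed the 'version' field of an /api/v4/version body to exposed_cves."""
    return exposed_cves(json.loads(body)["version"])


if __name__ == "__main__":
    for v in ["18.11.3-ee", "18.11.5-ee", "18.10.7-ce", "19.0.2-ee",
              "19.1.0-ce", "18.9.9-ee"]:
        print(f"{v:>12}: {sorted(exposed_cves(v)) or 'fixed'}")
    print("API sample:", sorted(check_api_response(SAMPLE_API_RESPONSE)))
```

Run it against the output of `gitlab-rake gitlab:env:info` or the `version` field from `/api/v4/version`; an empty set means the instance is on a fixed release for all four CVEs. Note that a CE instance below the fixed version is reported as exposed only to the DoS, matching the advisory's edition scoping.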