GitLab Product Security Update Advisory

  • A security update has been released to address vulnerabilities found in GitLab products.
  • The vulnerabilities fixed are as follows:
    • CVE-2026-10086: A cross-site scripting (XSS) vulnerability in GitLab EE. XSS is a vulnerability that allows malicious scripts to be injected into web pages.
    • CVE-2026-10712: A cross-site scripting (XSS) vulnerability in GitLab CE/EE.
    • CVE-2026-12053: An information disclosure vulnerability in GitLab EE.
  • The affected versions are as follows:
    • CVE-2026-10086: GitLab EE 16.4 or later but earlier than 18.11.6, 19.0 or later but earlier than 19.0.3, and 19.1 or later but earlier than 19.1.1.
    • CVE-2026-10712: GitLab CE/EE 18.10 or later but earlier than 18.11.6, 19.0 or later but earlier than 19.0.3, and 19.1 or later but earlier than 19.1.1.
    • CVE-2026-12053: GitLab EE 19.1 or later but earlier than 19.1.1.
  • The patched versions for CVE-2026-10086 and CVE-2026-10712 are GitLab EE 18.11.6, 19.0.3, and 19.1.1.
  • The patched version for CVE-2026-12053 is GitLab EE 19.1.1.
  • GitLab users should update to the latest patched version by following the instructions on the reference site.
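
The affected ranges above can be turned into an inventory check. The following is an added example, not code from GitLab or from this advisory; it assumes version strings of the form `18.11.5-ee` or `18.11.5` plus a separately supplied edition, and the names `parse_version` and `affected_cves` are hypothetical.

```python
import re

# Half-open ranges (first affected, first fixed), transcribed from the advisory above.
ADVISORY = {
    "CVE-2026-10086": ({"ee"}, [((16, 4, 0), (18, 11, 6)),
                                ((19, 0, 0), (19, 0, 3)),
                                ((19, 1, 0), (19, 1, 1))]),
    "CVE-2026-10712": ({"ce", "ee"}, [((18, 10, 0), (18, 11, 6)),
                                      ((19, 0, 0), (19, 0, 3)),
                                      ((19, 1, 0), (19, 1, 1))]),
    "CVE-2026-12053": ({"ee"}, [((19, 1, 0), (19, 1, 1))]),
}

# Assumed input format: "MAJOR.MINOR[.PATCH][-ce|-ee]", optionally prefixed with "v".
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:-(ce|ee))?", re.IGNORECASE)


def parse_version(raw, edition=None):
    """Return ((major, minor, patch), edition); refuse to guess a missing edition."""
    match = VERSION_RE.match(raw.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {raw!r}")
    major, minor, patch, suffix = match.groups()
    resolved = (edition or suffix or "").lower()
    if resolved not in ("ce", "ee"):
        raise ValueError(f"edition (ce/ee) not known for {raw!r}")
    # A missing patch level is treated as .0, the lowest (most exposed) release.
    return (int(major), int(minor), int(patch or 0)), resolved


def affected_cves(raw, edition=None):
    """Map each applicable CVE to the first fixed version on the same branch."""
    version, resolved = parse_version(raw, edition)
    findings = {}
    for cve, (editions, ranges) in ADVISORY.items():
        if resolved not in editions:
            continue
        for first_affected, first_fixed in ranges:
            if first_affected <= version < first_fixed:
                findings[cve] = ".".join(map(str, first_fixed))
                break
    return findings


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for sample in ("18.11.5-ee", "19.1.0-ce", "19.0.3-ee"):
        print(sample, affected_cves(sample) or "not affected")
```

An empty result means none of the three CVEs in this advisory apply to that version and edition; it says nothing about issues covered by other advisories.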