CVE-2026-2995
HTML Injection in GitLab EE Allows Unauthorized Email Modification
Publication date: 2026-03-25
Last updated on: 2026-03-26
Assigner: GitLab Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gitlab | gitlab | From 18.9.0 (inc) to 18.9.3 (exc) |
| gitlab | gitlab | 18.10.0 |
| gitlab | gitlab | From 15.4.0 (inc) to 18.8.7 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-80 | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in GitLab EE affects versions from 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1. It allows an authenticated user to add email addresses to other targeted user accounts. The root cause is improper sanitization of HTML content, which enables this unauthorized modification.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing an authenticated user to add email addresses to other users' accounts without proper authorization. This could lead to unauthorized access or manipulation of user account information, potentially compromising account integrity and user trust.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade GitLab EE to a fixed version. The issue is remediated in versions 18.8.7 and later for the 18.8 series, 18.9.3 and later for the 18.9 series, and 18.10.1 and later for the 18.10 series. Ensure that your GitLab EE instance is updated to one of these versions or a later release to prevent exploitation.