CVE-2026-7250 – GitLab
“Collaboration platforms become security risks when trust boundaries between users and administrators break down.”
GitLab patched four High severity vulnerabilities affecting GitLab CE and EE. CVE-2026-10087 and CVE-2026-6552 each have a CVSS score of 8.7, which is High severity. CVE-2026-7250 has a CVSS score of 7.5, which is High severity. CVE-2026-8589 has a CVSS score of 7.3, which is High severity.
The vulnerabilities include cross-site scripting in the Analytics Dashboard, improper authorization in Group SAML identity management, denial-of-service through API request parsing, and improper input sanitization that could allow unauthorized email address additions to user accounts. Successful exploitation could lead to account takeover, execution of unauthorized client-side code, service disruption, or unauthorized account modifications. No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.
Key Details
- Affected Product
- Gitlab Gitlab
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- CWE Classification
- CWE-770