CVE-2026-8589 – GitLab

CVSS 7.3 IMPORTANT High or Medium – Important Deployment

“Collaboration platforms become security risks when trust boundaries between users and administrators break down.”

GitLab patched four High severity vulnerabilities affecting GitLab CE and EE. CVE-2026-10087 and CVE-2026-6552 each have a CVSS score of 8.7, which is High severity. CVE-2026-7250 has a CVSS score of 7.5, which is High severity. CVE-2026-8589 has a CVSS score of 7.3, which is High severity.

The vulnerabilities include cross-site scripting in the Analytics Dashboard, improper authorization in Group SAML identity management, denial-of-service through API request parsing, and improper input sanitization that could allow unauthorized email address additions to user accounts. Successful exploitation could lead to account takeover, execution of unauthorized client-side code, service disruption, or unauthorized account modifications. No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.

Key Details

Affected Product
Gitlab Gitlab
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
Required
CWE Classification
CWE-79
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.