Cross-site scripting in GitLab Enterprise Edition and Gitlab Community Edition - CVE-2026-6896
Published: July 8, 2026
GitLab Enterprise Edition
Gitlab Community Edition
Detailed vulnerability description
The vulnerability allows a remote user to execute arbitrary scripts in another user's browser session.
The vulnerability exists due to improper sanitization of user-supplied input in the vulnerability evidence table renderer when rendering user-supplied content. A remote user can inject specially crafted input to execute arbitrary scripts in another user's browser session.
User interaction is required for the victim to view the rendered content.