High severity8.7NVD Advisory· Published May 14, 2026· Updated May 16, 2026
CVE-2026-7377
CVE-2026-7377
Description
GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers due to improper input sanitization.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4(expand)+ 2 more
- (no CPE)
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*range: >=18.7.0,<18.9.7
- (no CPE)range: >=18.7,<18.9.7; >=18.10,<18.10.6; >=18.11,<18.11.3
Patches
Vulnerability mechanics
References
2- about.gitlab.com/releases/2026/05/13/patch-release-gitlab-18-11-3-released/nvdRelease Notes
- hackerone.com/reports/3659044nvdPermissions Required
News mentions
1- GitLab Patch Release: 18.11.3, 18.10.6, 18.9.7GitLab Security Releases · May 13, 2026