GitLab Improper HTML Sanitization Vulnerability (CVE-2026-2995)
CVE-2026-2995 is a vulnerability in GitLab EE versions 15.4 to 18.10.1 where an authenticated user can add email addresses to other user accounts due to improper HTML sanitization, potentially leading to account takeover or information disclosure.
GitLab has addressed CVE-2026-2995, a vulnerability affecting GitLab Enterprise Edition. The flaw resides in versions 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1. An authenticated attacker could exploit this vulnerability to inject arbitrary HTML content into user profiles, specifically targeting the addition of unauthorized email addresses. This is due to improper sanitization of HTML within GitLab’s user profile management features. Successful exploitation can lead to…
Detection coverage (2 rules)
Detect Suspicious HTML in GitLab User Profile Updates
Severity: medium. Detects potentially malicious HTML code in requests to update GitLab user profiles, indicating possible attempts to exploit CVE-2026-2995.
Detect Email Modification via User Update Endpoint
Severity: low. Detects successful email modification via the user update API.
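The two detections above, as an added example that is not part of this page or of the detection platform's own rules: a small Python scanner that runs both checks over constructed JSON log lines. The log field layout (method, path, status, username, params) and the /api/v4/users/:id path pattern are assumptions made for the example.

```python
import html
import json
import re

# Assumed path pattern for the GitLab user update endpoint (not taken from the page).
USER_UPDATE_PATH = re.compile(r"^/api/v4/users/\d+$")
# Matches an opening or closing HTML tag such as <script>, </b>, <a href=...>.
HTML_TAG = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")

# Constructed sample log lines; the field layout is an assumption, not a verified GitLab schema.
SAMPLE_LOG = """
{"method":"PUT","path":"/api/v4/users/42","status":200,"username":"alice","params":[{"key":"bio","value":"security engineer"}]}
{"method":"PUT","path":"/api/v4/users/42","status":200,"username":"mallory","params":[{"key":"bio","value":"<script>alert(1)</script>"}]}
{"method":"PUT","path":"/api/v4/users/7","status":200,"username":"mallory","params":[{"key":"email","value":"attacker@example.test"}]}
{"method":"PUT","path":"/api/v4/users/7","status":403,"username":"bob","params":[{"key":"email","value":"bob@example.test"}]}
{"method":"GET","path":"/api/v4/users/42","status":200,"username":"alice","params":[]}
"""


def analyze_entry(entry: dict) -> list[dict]:
    """Apply both detections to one parsed log entry and return the alerts raised."""
    alerts = []
    if entry.get("method") not in ("PUT", "PATCH") or not USER_UPDATE_PATH.match(entry.get("path", "")):
        return alerts
    params = {p["key"]: str(p["value"]) for p in entry.get("params", [])}
    base = {"username": entry.get("username"), "target": entry.get("path")}
    # Medium: any HTML tag in a profile update request, regardless of response status.
    # Entities are decoded first so that "&lt;script&gt;" is caught as well as "<script>".
    if any(HTML_TAG.search(html.unescape(v)) for v in params.values()):
        alerts.append({"rule": "suspicious_html_in_profile_update", "severity": "medium", **base})
    # Low: an email field was changed and the update succeeded (2xx response).
    if "email" in params and 200 <= int(entry.get("status", 0)) < 300:
        alerts.append({"rule": "email_modified_via_user_update", "severity": "low", **base})
    return alerts


def scan_log(text: str) -> list[dict]:
    """Parse JSON lines, skipping blank or malformed ones, and collect alerts in log order."""
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue
        alerts.extend(analyze_entry(entry))
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```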