{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/gitlab-community-edition-ce--18.11.7/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":4.9,"id":"CVE-2026-11827"},{"cvss":7.3,"id":"CVE-2026-13320"},{"cvss":2.7,"id":"CVE-2026-13151"},{"cvss":2.7,"id":"CVE-2026-6352"},{"cvss":8.7,"id":"CVE-2026-6896"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["GitLab Community Edition (CE) \u003c 18.11.7","GitLab Enterprise Edition (EE) \u003c 18.11.7","GitLab Community Edition (CE) \u003c 19.0.4","GitLab Enterprise Edition (EE) \u003c 19.0.4","GitLab Community Edition (CE) \u003c 19.1.2","GitLab Enterprise Edition (EE) \u003c 19.1.2"],"_cs_severities":["high"],"_cs_tags":["web-application","vulnerability","gitlab","xss","data-leak"],"_cs_type":"advisory","_cs_vendors":["GitLab"],"content_html":"\u003cp\u003eMultiple critical and high-severity vulnerabilities, including CVE-2025-12506, CVE-2026-11827, CVE-2026-13151, CVE-2026-13320, CVE-2026-6352, CVE-2026-6896, CVE-2026-7492, and CVE-2026-8472, have been identified in GitLab Community Edition (CE) and Enterprise Edition (EE). These flaws impact versions 19.0.x prior to 19.0.4, 19.1.x prior to 19.1.2, and all versions prior to 18.11.7. These vulnerabilities could enable an attacker to achieve data confidentiality compromise, perform indirect remote code injection through Cross-Site Scripting (XSS), and bypass existing security policies. The CERT-FR issued an advisory on July 9, 2026, based on a GitLab security bulletin from July 8, 2026, urging users to apply patches immediately. The discovery highlights the ongoing need for vigilant patch management in web-based version control systems.\u003c/p\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities could lead to significant unauthorized access and control over GitLab instances. An attacker could exfiltrate sensitive data, manipulate user interfaces or execute arbitrary code in a victim's browser through XSS, potentially leading to session hijacking or further compromise. Furthermore, security policy bypasses could undermine an organization's defensive measures, granting attackers persistent access or enabling broader network penetration. The nature of these vulnerabilities, particularly in a critical development platform like GitLab, poses a substantial risk to intellectual property, code integrity, and operational continuity for affected organizations.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately apply the security patches provided by GitLab for all affected versions of GitLab Community Edition (CE) and Enterprise Edition (EE) as referenced in the GitLab security bulletin (\u003ca href=\"https://docs.gitlab.com/releases/patches/patch-release-gitlab-19-1-2-released/)\"\u003ehttps://docs.gitlab.com/releases/patches/patch-release-gitlab-19-1-2-released/)\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSpecifically, update GitLab CE/EE to version 19.0.4 or later if currently on 19.0.x, to 19.1.2 or later if on 19.1.x, and to 18.11.7 or later if on versions prior to 18.11.7.\u003c/li\u003e\n\u003cli\u003eReview web application firewall (WAF) configurations to potentially detect and block unusual requests targeting common XSS vectors, specifically for CVE-2026-11827.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-09T14:28:54Z","date_published":"2026-07-09T14:28:54Z","id":"https://feed.craftedsignal.io/briefs/2026-07-gitlab-multiple-vulnerabilities/","summary":"Multiple vulnerabilities have been discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) across versions 19.0.x, 19.1.x, and 18.11.x, allowing an attacker to compromise data confidentiality, inject remote code via Cross-Site Scripting (XSS) (CVE-2026-11827), and bypass security policies (CVE-2026-13320).","title":"Multiple Vulnerabilities Discovered in GitLab CE/EE","url":"https://feed.craftedsignal.io/briefs/2026-07-gitlab-multiple-vulnerabilities/"}],"language":"en","title":"CraftedSignal Threat Feed - GitLab Community Edition (CE) \u003c 18.11.7","version":"https://jsonfeed.org/version/1.1"}