{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-2995/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["gitlab","html-injection","cve-2026-2995"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eGitLab has addressed CVE-2026-2995, a vulnerability affecting GitLab Enterprise Edition. The flaw resides in versions 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1. An authenticated attacker could exploit this vulnerability to inject arbitrary HTML content into user profiles, specifically targeting the addition of unauthorized email addresses. This is due to improper sanitization of HTML within GitLab\u0026rsquo;s user profile management features. Successful exploitation can lead to…\u003c/p\u003e\n","date_modified":"2026-03-26T12:00:00Z","date_published":"2026-03-26T12:00:00Z","id":"/briefs/2026-03-gitlab-cve-2026-2995/","summary":"CVE-2026-2995 is a vulnerability in GitLab EE versions 15.4 to 18.10.1 where an authenticated user can add email addresses to other user accounts due to improper HTML sanitization, potentially leading to account takeover or information disclosure.","title":"GitLab Improper HTML Sanitization Vulnerability (CVE-2026-2995)","url":"https://feed.craftedsignal.io/briefs/2026-03-gitlab-cve-2026-2995/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-2995","version":"https://jsonfeed.org/version/1.1"}