<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>CVE-2026-2995 — CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/tags/cve-2026-2995/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata — refreshed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Thu, 26 Mar 2026 12:00:00 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/tags/cve-2026-2995/feed.xml" rel="self" type="application/rss+xml"/><item><title>GitLab Improper HTML Sanitization Vulnerability (CVE-2026-2995)</title><link>https://feed.craftedsignal.io/briefs/2026-03-gitlab-cve-2026-2995/</link><pubDate>Thu, 26 Mar 2026 12:00:00 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-03-gitlab-cve-2026-2995/</guid><description>CVE-2026-2995 is an improper HTML sanitization vulnerability in GitLab EE (versions 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1) that lets an authenticated user add email addresses to other user accounts, potentially leading to account takeover or information disclosure.</description><content:encoded>&lt;p>GitLab has addressed CVE-2026-2995, a vulnerability affecting GitLab Enterprise Edition. The flaw is present in versions 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1; the first patched releases are therefore 18.8.7, 18.9.3 and 18.10.1. An authenticated attacker could exploit this vulnerability to inject arbitrary HTML content into user profiles, specifically to add unauthorized email addresses to accounts they do not own. The root cause is improper sanitization of HTML within GitLab&amp;rsquo;s user profile management features. Successful exploitation can lead to…&lt;/p>
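&lt;p>Added example (not code from CraftedSignal or GitLab): a small Python check that maps a GitLab EE version string onto the affected ranges listed in this brief and reports the first patched release on that branch, so an administrator can triage a fleet of instances from their reported versions. The range boundaries are the ones stated above; the version-string parser, the function names and the sample inventory at the bottom are assumptions for illustration.&lt;/p>

```python
# Added example, not from the brief or from GitLab. Classifies GitLab EE
# version strings against the CVE-2026-2995 affected ranges quoted in the brief.
import re

# Affected ranges as half-open intervals [first_affected, first_fixed),
# taken from the brief: 15.4 before 18.8.7, 18.9 before 18.9.3,
# 18.10 before 18.10.1. The upper bound of each interval is the first
# patched release on that branch.
AFFECTED_RANGES = [
    ((15, 4, 0), (18, 8, 7)),
    ((18, 9, 0), (18, 9, 3)),
    ((18, 10, 0), (18, 10, 1)),
]

# Accepts "MAJOR.MINOR" or "MAJOR.MINOR.PATCH", optionally followed by a
# suffix such as "-ee" (the suffix is ignored). Assumed format, not GitLab's spec.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Parse a version string into an (major, minor, patch) int triple.

    A missing patch component is treated as 0. Raises ValueError on input
    that does not start with at least MAJOR.MINOR.
    """
    m = _VERSION_RE.match(text.strip())
    if m is None:
        raise ValueError("unrecognised GitLab version: %r" % (text,))
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(major), int(minor), int(patch))


def affected_range(version):
    """Return the (first_affected, first_fixed) range containing version, or None."""
    v = parse_version(version) if isinstance(version, str) else tuple(version)
    for lo, hi in AFFECTED_RANGES:
        # Tuple comparison is lexicographic, so (18, 8, 7) sorts after (18, 8, 6)
        # and (18, 10, 0) sorts after (18, 9, 3), as version numbers should.
        if v >= lo and hi > v:
            return (lo, hi)
    return None


def is_affected(version):
    """True if the given GitLab EE version falls inside an affected range."""
    return affected_range(version) is not None


def fix_version(version):
    """First patched release on the same branch, or None if not affected."""
    rng = affected_range(version)
    if rng is None:
        return None
    return "%d.%d.%d" % rng[1]


def triage(inventory):
    """Map instance name to (affected, fix) for a dict of name to version string."""
    return {name: (is_affected(ver), fix_version(ver)) for name, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; the hostnames and versions are invented.
    sample = {
        "gitlab-prod": "18.8.6-ee",
        "gitlab-staging": "18.9.2-ee",
        "gitlab-dev": "18.10.1-ee",
        "gitlab-legacy": "15.3.9-ee",
    }
    for name, (vuln, fix) in triage(sample).items():
        status = "AFFECTED, upgrade to %s" % fix if vuln else "not affected"
        print("%-16s %s" % (name, status))
```

&lt;p>Usage note: the check only answers whether a version lies inside a range the brief lists; instances on branches newer than 18.10 are reported as not affected by this CVE, which says nothing about other advisories. Treat a ValueError from the parser as an inventory problem to fix, not as a clean result.&lt;/p>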
</content:encoded><category domain="severity">medium</category><category domain="type">advisory</category><category>gitlab</category><category>html-injection</category><category>cve-2026-2995</category></item></channel></rss>