GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE) addressing 13 vulnerabilities, including three high-severity issues. The most critical, CVE-2026-10086, is a cross-site scripting (XSS) flaw in the Analytics dashboard that allows authenticated users to execute code in other users' sessions. Another severe flaw, CVE-2026-10712, allows unauthenticated attackers to run JavaScript in users' browsers. Additionally, CVE-2026-12053 could expose sensitive project information.
Other medium-severity vulnerabilities include authorization bypass and improper input validation. Users are urged to update to versions 19.1.1, 19.0.3, or 18.11.6 immediately to mitigate these risks.