THIS document discusses a critical GitLab patch released on July 8, 2026, which addresses eight security vulnerabilities across various versions (19.1.2, 19.0.4, 18.11.7). The most severe vulnerability is a stored cross-site scripting (XSS) bug, CVE-2026-6896, rated CVSS 8.7. This flaw allows attackers to execute scripts in a victim's browser if they have developer-role access. Other issues include credential exposure and weak authorization. Patching is essential as there are no workarounds available, and affected users are urged to update to the latest versions.
GitLab fixes critical XSS bug CVE-2026-6896 for developer roles
CyberSIXT Evidence Panel
Article by CyberSIXT