CVE-2026-2995 in Enterprise Edition
Summary
by MITRE • 03/25/2026
GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to add email addresses to targeted user accounts due to improper sanitization of HTML content.
Analysis
by VulDB Data Team • 04/01/2026
This vulnerability resides in GitLab Enterprise Edition, where an authenticated attacker with sufficient privileges could exploit a flaw in HTML content sanitization to add attacker-chosen email addresses to other users' accounts. The issue affects all versions from 15.4 before the fixed releases 18.8.7, 18.9.3 and 18.10.1, and is a significant concern for organizations that rely on GitLab's user management. It stems from input validation and sanitization that fails to process user-submitted HTML content correctly, opening an avenue for unintended data manipulation.
The flaw is the absence of proper HTML sanitization while email addresses are processed in GitLab's user management interface. When an authenticated user submits an email address, the application does not adequately filter or escape HTML characters that could be used to construct malicious input. This lets an attacker inject HTML tags or scripts that bypass the normal validation, and so add arbitrary email addresses to targeted accounts. The issue is classified as CWE-79 (improper neutralization of input during web page generation), the weakness class for cross-site scripting, in which HTML content is not properly sanitized.
The operational impact goes beyond simple data injection, because manipulated account information can facilitate further attacks. An email address added to a victim's account could be used for phishing, or to obtain additional access privileges within the system. The flaw also compromises the integrity of user account data and could enable privilege escalation, with an attacker manipulating email addresses to gain unauthorized access to other users' accounts or to system resources. Because email addresses feed GitLab's core authentication and authorization mechanisms, the vulnerability undermines trust in the system's user management processes.
Organizations should upgrade to the patched GitLab EE releases immediately and confirm that every instance runs a fixed version. Administrators should audit user accounts for email addresses added without authorization during the vulnerable period. Security teams should review access controls and authentication settings so that only authorized personnel can modify user account information. Mitigation should also include monitoring for unusual account modifications and adding validation checks on email address inputs. The vulnerability maps to ATT&CK technique T1078, which covers the use of legitimate credentials and compromised accounts for persistence and privilege escalation. Organizations should also consider a web application firewall and additional input validation to prevent similar issues in other applications within their infrastructure.
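As an added example (not part of the VulDB entry and not GitLab's code), the following Ruby shows two of the mitigations the paragraph above recommends: a strict email-address check that refuses HTML-significant characters, whitespace and non-ASCII before an address reaches account data, and an audit pass over a constructed list of email-addition events that flags changes made by someone other than the account owner or a listed administrator, or whose stored value would not pass the same check. The audit-record shape, the user names in it and the deliberately narrow address regex are assumptions for illustration; the precise sanitization flaw in GitLab is not described on the page and is not reproduced here.

```ruby
# Added example (not GitLab code): defence-in-depth checks a defender might
# put in front of an "add email address" handler and run over an audit trail.
require 'set'

# HTML-significant characters; a legitimate address never needs them.
HTML_CHARS = /[<>"'&]/.freeze

# Conservative address syntax, deliberately narrower than RFC 5322:
# local part of unreserved characters, then dot-separated DNS labels.
EMAIL_RE = /\A[A-Za-z0-9._%+-]+@(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}\z/.freeze

# True only for a plain ASCII address with no markup, no whitespace and no
# control characters. \z (not \Z) also rejects a trailing newline.
def safe_email?(input)
  return false unless input.is_a?(String)
  return false if input.empty? || input.bytesize > 254
  return false unless input.ascii_only?
  return false if input.match?(HTML_CHARS)
  input.match?(EMAIL_RE)
end

# Constructed audit records (hypothetical shape, not GitLab's audit-event format).
AUDIT_EVENTS = [
  { actor: 'alice',   target_user: 'alice', action: 'add_email',    value: 'alice.work@example.com' },
  { actor: 'mallory', target_user: 'bob',   action: 'add_email',    value: 'mallory@example.net' },
  { actor: 'bob',     target_user: 'bob',   action: 'add_email',    value: 'bob@example.com<br>' },
  { actor: 'admin',   target_user: 'carol', action: 'add_email',    value: 'carol@example.org' },
  { actor: 'carol',   target_user: 'carol', action: 'remove_email', value: 'old@example.org' }
].freeze

# Returns the add_email events that deserve review: either (a) someone other
# than the account owner or a listed administrator made the change, or
# (b) the stored value would not pass safe_email?.
def suspicious_email_events(events, admins: Set.new)
  events.select do |e|
    next false unless e[:action] == 'add_email'
    foreign_actor = e[:actor] != e[:target_user] && !admins.include?(e[:actor])
    foreign_actor || !safe_email?(e[:value])
  end
end

if $PROGRAM_NAME == __FILE__
  suspicious_email_events(AUDIT_EVENTS, admins: Set['admin']).each do |e|
    puts "review: #{e[:actor]} added #{e[:value].inspect} to account #{e[:target_user]}"
  end
end
```

The validator is intentionally stricter than the email RFCs: an address that is syntactically legal but contains a quote, ampersand or angle bracket is rejected outright, because the cost of refusing such an address is far lower than the cost of letting markup into a field that is later rendered or used for account recovery. The audit pass treats an actor-owner mismatch as reviewable even when the stored value looks clean, since the advisory's concern is addresses being added to accounts the actor does not own.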