{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5816", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2026-04-08T15:33:27.101Z", "datePublished": "2026-04-22T16:04:26.293Z", "dateUpdated": "2026-04-23T03:56:09.061Z"}, "containers": {"cna": {"title": "Improper Resolution of Path Equivalence in GitLab", "descriptions": [{"lang": "en", "value": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to improper path validation under certain conditions."}], "affected": [{"vendor": "GitLab", "product": "GitLab", "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "versions": [{"version": "18.10", "status": "affected", "lessThan": "18.10.4", "versionType": "semver"}, {"version": "18.11", "status": "affected", "lessThan": "18.11.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-41: Improper Resolution of Path Equivalence", "cweId": "CWE-41", "type": "CWE"}]}], "references": [{"url": "https://hackerone.com/reports/3572231", "name": "HackerOne Bug Bounty Report #3572231", "tags": ["technical-description", "exploit", "permissions-required"]}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/592816"}, {"url": "https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 8, "baseSeverity": "HIGH"}}], "solutions": [{"lang": "en", "value": "Upgrade to versions 18.10.4, 18.11.1 or above."}], "credits": [{"lang": "en", "value": "Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program", "type": "finder"}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2026-04-22T16:04:26.293Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-22T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-5816"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-23T03:56:09.061Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5816", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-22T17:51:35.579258Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T17:51:37.879Z"}}], "cna": {"title": "Improper Resolution of Path Equivalence in GitLab", "credits": [{"lang": "en", "type": "finder", "value": "Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "vendor": "GitLab", "product": "GitLab", "versions": [{"status": "affected", "version": "18.10", "lessThan": "18.10.4", "versionType": "semver"}, {"status": "affected", "version": "18.11", "lessThan": "18.11.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to versions 18.10.4, 18.11.1 or above."}], "references": [{"url": "https://hackerone.com/reports/3572231", "name": "HackerOne Bug Bounty Report #3572231", "tags": ["technical-description", "exploit", "permissions-required"]}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/592816"}, {"url": "https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/"}], "descriptions": [{"lang": "en", "value": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to improper path validation under certain conditions."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-41", "description": "CWE-41: Improper Resolution of Path Equivalence"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2026-04-22T16:04:26.293Z"}}}, "cveMetadata": {"cveId": "CVE-2026-5816", "state": "PUBLISHED", "dateUpdated": "2026-04-22T17:51:42.175Z", "dateReserved": "2026-04-08T15:33:27.101Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2026-04-22T16:04:26.293Z", "assignerShortName": "GitLab"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "98D16D9B-6A45-45F3-934B-3ED95C8371BF", "versionEndExcluding": "18.10.4", "versionStartIncluding": "18.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "58B8096F-9D7B-403D-B685-E9D4FA24F3E5", "versionEndExcluding": "18.10.4", "versionStartIncluding": "18.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:18.11.0:*:*:*:community:*:*:*", "matchCriteriaId": "A6100523-821F-4F41-872D-AC5A60EECC19", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:18.11.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "C78F9577-CDD5-497B-A92F-3C578AC6709E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to improper path validation under certain conditions."}], "id": "CVE-2026-5816", "lastModified": "2026-04-23T20:30:30.267", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.8, "source": "cve@gitlab.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-22T17:16:44.763", "references": [{"source": "cve@gitlab.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/"}, {"source": "cve@gitlab.com", "tags": ["Broken Link"], "url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/592816"}, {"source": "cve@gitlab.com", "tags": ["Permissions Required"], "url": "https://hackerone.com/reports/3572231"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-41"}], "source": "cve@gitlab.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[18.10,18.10.4)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[18.11,18.11.1)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "GitLab", "source": "cna", "vendor": "GitLab"}, "product": "gitlab", "vendor": "gitlab"}], "analysis": {"en": {"generated_at": "2026-04-27T08:49:41.092968+00:00", "value": {"mitigation_remediation": ["Upgrade GitLab to version 18.10.4, 18.11.1, or any later release that includes the path\u2011validation fix", "If an upgrade is not yet possible, restrict access to the affected path or monitor inbound requests for patterns that resemble the known exploitation sequence", "Enforce a strict Content Security Policy on the web interface to prevent arbitrary JavaScript execution and mitigate exploitation of the flaw while a patch is pending"], "summary": {"action": "Immediate Patch", "impact": "Client\u2011Side Arbitrary JavaScript Execution"}, "threat_synthesis": {"affected_systems": "The flaw impacts GitLab Community Edition and Enterprise Edition. All releases from 18.10.0 to 18.10.3 and the 18.11.0 release are affected. Versions 18.10.4, 18.11.1 and later contain the fix.", "description_and_impact": "GitLab has a flaw that improperly resolves path equivalence, allowing an unauthenticated user to trigger arbitrary JavaScript execution within a target user\u2019s browser session. The vulnerability is rooted in CWE\u201141, Path Manipulation, and could be used to hijack sessions, steal credentials, or inject malicious content while the victim is logged into GitLab.", "risk_and_exploitability": "The CVSS score of 8 indicates a high severity level, though the EPSS score is not available, so the current exploit probability is unknown. Because the vulnerability is exploitable by unauthenticated users, an attacker can craft a request that bypasses path validation and deliver malicious JavaScript to any user who visits the targeted page. The vulnerability is not listed in CISA KEV and no public exploit has been reported at the time of this assessment. The likely attack vector is a crafted HTTP request that triggers the path conversion logic, and the impact is limited to the victims\u2019 browser context but can be leveraged for social engineering or first\u2011party data theft."}}}}, "created": "2026-04-22T20:15:20.258579+00:00", "updated": "2026-04-27T18:45:11.487283+00:00", "vendors": ["gitlab", "gitlab$PRODUCT$gitlab"]}