CVE-2026-0595 — Vulnetix

CVE-2026-0595 PUBLISHED

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.9 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to add unauthorized email addresses to victim accounts through HTML injection in test case titles.

EPSS 0.08% · 23.8th percentile

Risk Scores

EPSS Score

0.08%

23.8th percentile

Affected Products

Vendor	Product	Versions
Bitnami	gitlab	13.9.0, 18.7.0, 18.8.0
Bitnami	gitlab	13.9.0, 18.7.0, 18.8.0

Timeline

Feb 11, 2026 CVE Published
Feb 11, 2026 EPSS Score
Feb 13, 2026 EPSS Score
Feb 15, 2026 EPSS Score
Feb 17, 2026 EPSS Score
Feb 19, 2026 EPSS Score
Feb 21, 2026 EPSS Score
Feb 23, 2026 EPSS Score
Feb 25, 2026 EPSS Score
Feb 27, 2026 EPSS Score
Mar 1, 2026 EPSS Score
Mar 3, 2026 EPSS Score

References

https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/ url
https://gitlab.com/gitlab-org/gitlab/-/issues/584975 url
https://hackerone.com/reports/3486862 url
https://nvd.nist.gov/vuln/detail/CVE-2026-0595 url

Open in Interactive Console →