CVE-2026-1282 — Vulnetix

CVE-2026-1282 PUBLISHED

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to inject malicious content into project labels titles.

EPSS 0.03% · 10.4th percentile

Risk Scores

EPSS Score

0.03%

10.4th percentile

Affected Products

Vendor	Product	Versions
Bitnami	gitlab	18.6.0, 18.8.0, 18.7.0
Bitnami	gitlab	18.6.0, 18.7.0, 18.8.0

Timeline

Feb 11, 2026 CVE Published
Feb 11, 2026 EPSS Score
Feb 13, 2026 EPSS Score
Feb 15, 2026 EPSS Score
Feb 17, 2026 EPSS Score
Feb 19, 2026 EPSS Score
Feb 21, 2026 EPSS Score
Feb 23, 2026 EPSS Score
Feb 25, 2026 EPSS Score
Feb 27, 2026 EPSS Score
Mar 1, 2026 EPSS Score
Mar 3, 2026 EPSS Score

References

https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/ url
https://gitlab.com/gitlab-org/gitlab/-/issues/587106 url
https://hackerone.com/reports/3505596 url
https://nvd.nist.gov/vuln/detail/CVE-2026-1282 url

Open in Interactive Console →