GitLab EE XSS (CVE-2026-7377) Allows JavaScript Execution in Dashboards

/HIGH /CVSS 8.7/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW vulnerabilitycvehigh-severitycwe-79
GitLab EE XSS (CVE-2026-7377) Allows JavaScript Execution in Dashboards

The National Vulnerability Database has detailed CVE-2026-7377, a high-severity cross-site scripting (XSS) vulnerability affecting GitLab Enterprise Edition (EE). This flaw, present in customizable analytics dashboards, could enable an authenticated user to execute arbitrary JavaScript within the context of other users’ browsers. The root cause is improper input sanitization.

This is a significant risk. An attacker exploiting this could hijack sessions, deface pages, or phish credentials directly within the GitLab interface, effectively turning a legitimate platform feature into an attack vector. The impact is compounded by the fact that GitLab EE is often used for sensitive code repositories and project management, where privileged user access is common.

GitLab has issued remediations for affected versions: 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3. Organizations running these versions must prioritize patching immediately to mitigate the risk of authenticated users exploiting this XSS for broader compromise.

What This Means For You

  • If your organization uses GitLab EE, you need to check your version immediately. This isn't just a nuisance bug; it's a critical XSS that allows an authenticated user to run code in *other* users' browsers. That means session hijacking, credential theft, or targeted phishing is on the table. Patch GitLab EE to versions 18.9.7, 18.10.6, or 18.11.3 or higher, depending on your branch, without delay. Review audit logs for any suspicious activity related to analytics dashboard modifications post-patch.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1059.007 JavaScript Execution T1185 Browser Session Hijacking Credential Access

🛡️ Detection Rules

3 rules · 6 SIEM formats

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

high T1190 Initial Access

GitLab EE Customizable Dashboard XSS - CVE-2026-7377

Sigma YAML — free preview 
title: GitLab EE Customizable Dashboard XSS - CVE-2026-7377
id: scw-2026-05-14-ai-1
status: experimental
level: high
description: |
  Detects attempts to exploit CVE-2026-7377 by identifying requests targeting GitLab EE customizable analytics dashboards with common XSS payload indicators in the query string. This vulnerability allows authenticated users to execute arbitrary JavaScript in other users' browsers.
author: SCW Feed Engine (AI-generated)
date: 2026-05-14
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-7377/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
    category: webserver
detection:
  selection:
      cs-uri|contains:
          - '/-/analytics/dashboards/'
      cs-uri-query|contains:
          - 'script=' 
          - 'alert(' 
          - 'onerror=' 
          - 'javascript:'
      condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse

✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM →

Indicators of Compromise

IDTypeIndicator
CVE-2026-7377 XSS GitLab EE versions < 18.9.7
CVE-2026-7377 XSS GitLab EE versions < 18.10.6
CVE-2026-7377 XSS GitLab EE versions < 18.11.3
CVE-2026-7377 XSS Improper input sanitization in customizable analytics dashboards

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedMay 14, 2026 at 09:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Believe this infringes your rights? Submit a takedown request.

Related coverage

CVE-2026-6670 — Path Traversal

CVE-2026-6670 — The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'sub_dir' and...

vulnerabilityCVEmedium-severitypath-traversalcwe-22
/SCW Vulnerability Desk /MEDIUM /6.5 /⚑ 2 IOCs /⚙ 3 Sigma

CVE-2026-6510: Critical Privilege Escalation in InfusedWoo Pro WordPress Plugin

CVE-2026-6510 — The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation via missing authorization in all versions up to, and including, 5.1.2. This...

vulnerabilityCVEcriticalhigh-severityprivilege-escalationcwe-862
/SCW Vulnerability Desk /CRITICAL /9.8 /⚑ 4 IOCs /⚙ 2 Sigma

InfusedWoo Pro Plugin Privilege Escalation (CVE-2026-6506)

CVE-2026-6506 — The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.1.2. This is due to...

vulnerabilityCVEhigh-severityprivilege-escalationcwe-862
/SCW Vulnerability Desk /HIGH /8.8 /⚑ 5 IOCs