Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-3254

Summary
Assigner-GitLab
Assigner Org ID-ceab7361-8a18-47b1-92ba-4d7d25f6715a
Published At-22 Apr, 2026 | 16:29
Updated At-22 Apr, 2026 | 17:39
Rejected At-
Credits

Improper Restriction of Rendered UI Layers or Frames in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to load unauthorized content into another user's browser due to improper input validation in the Mermaid sandbox.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitLab
Assigner Org ID:ceab7361-8a18-47b1-92ba-4d7d25f6715a
Published At:22 Apr, 2026 | 16:29
Updated At:22 Apr, 2026 | 17:39
Rejected At:
â–¼CVE Numbering Authority (CNA)
Improper Restriction of Rendered UI Layers or Frames in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to load unauthorized content into another user's browser due to improper input validation in the Mermaid sandbox.

Affected Products
Vendor
GitLab Inc.GitLab
Product
GitLab
Repo
git://git@gitlab.com:gitlab-org/gitlab.git
CPEs
  • cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 18.11 before 18.11.1 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-1021CWE-1021: Improper Restriction of Rendered UI Layers or Frames
Type: CWE
CWE ID: CWE-1021
Description: CWE-1021: Improper Restriction of Rendered UI Layers or Frames
Metrics
VersionBase scoreBase severityVector
3.13.5LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Version: 3.1
Base score: 3.5
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Upgrade to version 18.11.1 or above.

Configurations
Workarounds
Exploits
Credits
finder
Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://hackerone.com/reports/3572752
technical-description
exploit
permissions-required
https://gitlab.com/gitlab-org/gitlab/-/work_items/591587
N/A
Hyperlink: https://hackerone.com/reports/3572752
Resource:
technical-description
exploit
permissions-required
Hyperlink: https://gitlab.com/gitlab-org/gitlab/-/work_items/591587
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@gitlab.com
Published At:22 Apr, 2026 | 17:16
Updated At:23 Apr, 2026 | 20:43

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to load unauthorized content into another user's browser due to improper input validation in the Mermaid sandbox.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.13.5LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 3.5
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
CPE Matches
GitLab Inc.
gitlab
>>gitlab>>18.11.0
cpe:2.3:a:gitlab:gitlab:18.11.0:*:*:*:community:*:*:*
GitLab Inc.
gitlab
>>gitlab>>18.11.0
cpe:2.3:a:gitlab:gitlab:18.11.0:*:*:*:enterprise:*:*:*
Weaknesses
CWE IDTypeSource
CWE-1021Primarycve@gitlab.com
CWE ID: CWE-1021
Type: Primary
Source: cve@gitlab.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://gitlab.com/gitlab-org/gitlab/-/work_items/591587cve@gitlab.com
Broken Link
https://hackerone.com/reports/3572752cve@gitlab.com
Permissions Required
Hyperlink: https://gitlab.com/gitlab-org/gitlab/-/work_items/591587
Source: cve@gitlab.com
Resource:
Broken Link
Hyperlink: https://hackerone.com/reports/3572752
Source: cve@gitlab.com
Resource:
Permissions Required

Change History

0
Information is not available yet

Similar CVEs

17Records found
CVE-2022-3819
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-3.5||LOW
EPSS-0.11% / 28.13%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-01 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a malicious users to set emojis on internal notes they don't have access to.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-5528
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-3.5||LOW
EPSS-0.07% / 20.69%
||
7 Day CHG~0.00%
Published-05 Feb, 2025 | 10:31
Updated-06 Aug, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incomplete Comparison with Missing Factors in GitLab

An issue was discovered in GitLab CE/EE affecting all versions prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows a subdomain takeover in GitLab Pages.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-1023
Incomplete Comparison with Missing Factors
CWE ID-CWE-697
Incorrect Comparison
CVE-2023-3511
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-2||LOW
EPSS-0.02% / 5.62%
||
7 Day CHG~0.00%
Published-15 Dec, 2023 | 15:31
Updated-20 Nov, 2025 | 04:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 8.17 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible for auditor users to fork and submit merge requests to private projects they're not a member of.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-3280
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-3.5||LOW
EPSS-0.17% / 37.30%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-01 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An open redirect in GitLab CE/EE affecting all versions from 10.1 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick users into visiting a trustworthy URL and being redirected to arbitrary content.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-3288
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-3.5||LOW
EPSS-0.11% / 29.62%
||
7 Day CHG-0.04%
Published-17 Oct, 2022 | 00:00
Updated-13 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the content of the default branch would be expected.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-471
Modification of Assumed-Immutable Data (MAID)
CVE-2021-39879
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-2.2||LOW
EPSS-0.12% / 31.06%
||
7 Day CHG~0.00%
Published-04 Oct, 2021 | 16:42
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing authentication in all versions of GitLab CE/EE since version 7.11.0 allows an attacker with access to a victim's session to disable two-factor authentication

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-1282
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-3.5||LOW
EPSS-0.03% / 9.93%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 11:04
Updated-12 Feb, 2026 | 21:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to inject malicious content into project labels titles.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-80
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CVE-2025-12734
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-3.5||LOW
EPSS-0.02% / 6.29%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 07:32
Updated-23 Dec, 2025 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Encoding or Escaping of Output in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to, under certain conditions, render content in dialogs to other users by injecting malicious HTML content into merge request titles.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-116
Improper Encoding or Escaping of Output
CVE-2023-2030
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-3.5||LOW
EPSS-0.04% / 13.46%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 13:57
Updated-20 Nov, 2025 | 04:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Verification of Cryptographic Signature in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the metadata of signed commits.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2023-0120
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-3.5||LOW
EPSS-0.09% / 25.07%
||
7 Day CHG~0.00%
Published-01 Sep, 2023 | 10:01
Updated-20 Nov, 2025 | 04:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect Authorization in GitLab

An issue has been discovered in GitLab affecting all versions starting from 10.0 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to edit labels description by an unauthorised user.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-22232
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-3.5||LOW
EPSS-0.13% / 31.66%
||
7 Day CHG~0.00%
Published-06 Jul, 2021 | 20:43
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2021-39881
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-3.5||LOW
EPSS-0.25% / 48.46%
||
7 Day CHG~0.00%
Published-05 Oct, 2021 | 13:40
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all versions of GitLab CE/EE since version 7.7, the application may let a malicious user create an OAuth client application with arbitrary scope names which may allow the malicious user to trick unsuspecting users to authorize the malicious client application using the spoofed scope name and description.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CVE-2025-0362
Matching Score-6
Assigner-GitLab Inc.
ShareView Details
Matching Score-6
Assigner-GitLab Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.05% / 15.38%
||
7 Day CHG~0.00%
Published-10 Apr, 2025 | 14:31
Updated-07 Aug, 2025 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Restriction of Rendered UI Layers or Frames in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 7.7 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions, an attacker could potentially trick users into unintentionally authorizing sensitive actions on their behalf.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2024-2177
Matching Score-6
Assigner-GitLab Inc.
ShareView Details
Matching Score-6
Assigner-GitLab Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 28.59%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 13:30
Updated-12 Dec, 2024 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Restriction of Rendered UI Layers or Frames in GitLab

A Cross Window Forgery vulnerability exists within GitLab CE/EE affecting all versions from 16.3 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1. This condition allows for an attacker to abuse the OAuth authentication flow via a crafted payload.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2024-7404
Matching Score-6
Assigner-GitLab Inc.
ShareView Details
Matching Score-6
Assigner-GitLab Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.37% / 58.82%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 13:02
Updated-12 Dec, 2024 | 21:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Restriction of Rendered UI Layers or Frames in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 prior to 17.3.7, starting from 17.4 prior to 17.4.4 and starting from 17.5 prior to 17.5.2, which could have allowed an attacker gaining full API access as the victim via the Device OAuth flow.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2023-2013
Matching Score-6
Assigner-GitLab Inc.
ShareView Details
Matching Score-6
Assigner-GitLab Inc.
CVSS Score-2.6||LOW
EPSS-0.22% / 44.45%
||
7 Day CHG~0.00%
Published-07 Jun, 2023 | 00:00
Updated-07 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2021-33596
Matching Score-4
Assigner-126858f1-1b65-4b74-81ca-7034f7f7723f
ShareView Details
Matching Score-4
Assigner-126858f1-1b65-4b74-81ca-7034f7f7723f
CVSS Score-3.5||LOW
EPSS-0.27% / 50.63%
||
7 Day CHG~0.00%
Published-05 Aug, 2021 | 19:26
Updated-03 Aug, 2024 | 23:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fake Apple login prompt in F-Secure SAFE browser for iOS

Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. Exploiting the vulnerability requires the user to click on a specially crafted, seemingly legitimate URL containing an embedded malicious redirect while using F-Secure Safe Browser for iOS.

Action-Not Available
Vendor-F-Secure Corporation
Product-safeF-Secure Mobile Security
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
Details not found