CVE-2026-8589

216.73.217.22

· Published 11/06/2026 14:16 · Modified 11/06/2026 17:28 · Author: The MITRE Corporation

Labels: CVE-2026-8589 2026-06-11 CVE-2026-8589 CWE-79 [email protected]

Essential information

Published: 11/06/2026 14:16
Modified: 11/06/2026 17:28
Author: The MITRE Corporation
Creator: The MITRE Corporation
CVSS: 8.7 HIGH (v3.1)
CISA KEV: No
CWE: CWE-79
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

CVSS metrics

Description

GitLab has remediated an issue in GitLab EE affecting all versions from 13.1.4 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to add unauthorized email addresses to a targeted user's account due to improper sanitization of user-supplied input in certain group setting fields.

NVD status

Status: Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
gitlab / gitlab	`cpe:2.3:a:gitlab:gitlab:::::community:::*`
gitlab / gitlab	`cpe:2.3:a:gitlab:gitlab:::::enterprise:::*`
gitlab / gitlab	`cpe:2.3:a:gitlab:gitlab:::::community:::*`
gitlab / gitlab	`cpe:2.3:a:gitlab:gitlab:::::enterprise:::*`
gitlab / gitlab	`cpe:2.3:a:gitlab:gitlab:::::community:::*`
gitlab / gitlab	`cpe:2.3:a:gitlab:gitlab:::::enterprise:::*`