CVE-2026-9694

216.73.216.233

· Published 11/06/2026 14:16 · Modified 11/06/2026 17:32 · Author: The MITRE Corporation

Labels: CVE-2026-9694 2026-06-11 CVE-2026-9694 CWE-153 [email protected]

Essential information

Published: 11/06/2026 14:16
Modified: 11/06/2026 17:32
Author: The MITRE Corporation
Creator: The MITRE Corporation
CVSS: 4.3 MEDIUM (v3.1)
CISA KEV: No
CWE: CWE-153
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CVSS metrics

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions, could have allowed an unauthenticated user to impersonate the GitLab Support Bot and inject arbitrary content via a specially crafted Service Desk email reply due to improper neutralization in email template processing.

NVD status

Status: Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
gitlab / gitlab	`cpe:2.3:a:gitlab:gitlab:::::community:::*`
gitlab / gitlab	`cpe:2.3:a:gitlab:gitlab:::::enterprise:::*`
gitlab / gitlab	`cpe:2.3:a:gitlab:gitlab:::::community:::*`
gitlab / gitlab	`cpe:2.3:a:gitlab:gitlab:::::enterprise:::*`
gitlab / gitlab	`cpe:2.3:a:gitlab:gitlab:::::community:::*`
gitlab / gitlab	`cpe:2.3:a:gitlab:gitlab:::::enterprise:::*`