CVE-2026-0752

CVE Database · CVE-2026-0752

CVE-2026-0752

· HIGHAnalyzed

CVSS v3.1

8.0

EPSS

0.31%

Published

Feb 25, 2026

Modified

Feb 27, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that under certain circumstances, could have allowed an unauthenticated user to inject arbitrary scripts into the Mermaid sandbox UI.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

Weaknesses (CWE)

CWE-79

Affected Products (6)

gitlab · gitlab (up to 18.7.5)vulnerable

gitlab · gitlab (up to 18.8.5)vulnerable

gitlab · gitlabvulnerable

References (3)

https://about.gitlab.com/releases/2026/02/25/patch-release-gitlab-18-9-1-released/

Release NotesVendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/585371

Broken Link

https://hackerone.com/reports/3473276

Permissions Required

KEV Catalog EPSS Scores Vendors All CVEs