CVE-2026-0752
Published: 25 February 2026
Summary
CVE-2026-0752 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Gitlab Gitlab. Its CVSS base score is 8.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 26.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Filters outputs in the Mermaid sandbox UI to prevent execution of injected arbitrary scripts from XSS attacks.
Validates inputs to the Mermaid diagram sandbox to block unauthenticated injection of malicious scripts.
Remediates the specific XSS flaw through timely patching of affected GitLab versions prior to 18.7.5, 18.8.5, and 18.9.1.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
XSS in public-facing GitLab web app directly enables T1190 exploitation; injected scripts map to T1059.007 JavaScript execution in victim browser.
NVD Description
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that under certain circumstances, could have allowed an unauthenticated user to inject arbitrary scripts into the Mermaid sandbox…
more
UI.
Deeper analysisAI
CVE-2026-0752 is a cross-site scripting (XSS) vulnerability, classified under CWE-79, affecting GitLab Community Edition (CE) and Enterprise Edition (EE). It impacts all versions from 16.2 prior to 18.7.5, 18.8 prior to 18.8.5, and 18.9 prior to 18.9.1. The flaw allows arbitrary script injection into the Mermaid sandbox UI under certain circumstances, with a CVSS v3.1 base score of 8.0 (AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N).
An unauthenticated attacker with network access could exploit this vulnerability by tricking a user into interacting with a maliciously crafted Mermaid diagram in the sandbox UI, given the high attack complexity. Successful exploitation would enable high-impact confidentiality and integrity violations, such as stealing sensitive data or performing actions on behalf of the victim within a changed scope, though availability remains unaffected.
GitLab has remediated the issue in versions 18.7.5, 18.8.5, and 18.9.1, as detailed in their patch release notes and associated issue tracker. Security practitioners should prioritize upgrading affected GitLab instances to these or later versions to mitigate the risk. Additional details are available in the GitLab security release advisory, the public issue tracker at gitlab.com/gitlab-org/gitlab/-/issues/585371, and the originating HackerOne report.
Details
- CWE(s)