CVE-2026-5262
Published: 22 April 2026
Summary
CVE-2026-5262 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Gitlab Gitlab. Its CVSS base score is 8.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 15.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the improper input validation flaw that allowed unauthenticated access to sensitive tokens in the Storybook environment.
Enforces approved access authorizations to prevent unauthenticated users from accessing tokens under exploitable conditions.
Ensures timely remediation of the input validation vulnerability through patching to the specified GitLab versions.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability in public-facing GitLab web app (improper input validation/CWE-79) directly enables exploitation of the application for initial access (T1190) and unauthorized access to sensitive tokens (T1528).
NVD Description
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.1.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an unauthenticated user to access tokens in the Storybook development environment…
more
due to improper input validation.
Deeper analysisAI
CVE-2026-5262 is a vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE) affecting all versions from 16.1.0 prior to 18.9.6, 18.10 prior to 18.10.4, and 18.11 prior to 18.11.1. The issue stems from improper input validation, which under certain conditions could allow unauthorized access to tokens within the Storybook development environment. It has been assigned a CVSS v3.1 base score of 8.0 (AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N) and is associated with CWE-79.
An unauthenticated attacker could exploit this vulnerability over the network, though it requires high attack complexity and user interaction. Successful exploitation would enable the attacker to access sensitive tokens in the Storybook environment, resulting in high impacts to confidentiality and integrity with a changed scope, but no availability impact.
GitLab has remediated the issue through patch releases, including GitLab 18.11.1 as detailed in their release notes. Security practitioners should update affected instances to version 18.9.6 or later for the 18.9 series, 18.10.4 or later for the 18.10 series, and 18.11.1 or later for the 18.11 series. Additional details are available in the GitLab work item and the originating HackerOne disclosure report.
Details
- CWE(s)