Critical GitLab Vulnerabilities Enable XSS and DoS Attacks

Severity: High (Score: 72.2)

Sources: Cybersecuritynews, Gbhackers

Summary

On May 13, 2026, GitLab released critical patch versions 18.11.3, 18.10.6, and 18.9.7 to address multiple high-severity vulnerabilities. These flaws could be exploited by threat actors to hijack developer sessions through cross-site scripting (XSS) or to launch unauthenticated denial-of-service (DoS) attacks that could disrupt continuous integration pipelines. The vulnerabilities pose a significant risk to organizations using GitLab for their development processes. GitLab's urgent update aims to mitigate these risks and protect users from potential exploitation. Security teams are advised to apply the patches immediately to safeguard their systems.

Key Points:

  • GitLab issued critical patches for vulnerabilities allowing XSS and DoS attacks.
  • Attackers could hijack sessions or crash CI/CD pipelines without authentication.
  • Organizations using GitLab must apply updates to mitigate these high-severity flaws.

Key Entities

  • DDoS (attack_type)
  • XSS (vulnerability)
  • CWE-79 - Cross-site Scripting (XSS) (cwe)
  • GitLab (platform)