Security Vulnerabilities - CVEs Published In January 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2.2 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to achieve stored cross-site scripting by exploiting GitLab Flavored Markdown.
CVSS Score
8.7
EPSS Score
0.0
Published
2026-01-09
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed a user to leak certain information by referencing specially crafted images that bypass asset proxy protection.
CVSS Score
3.5
EPSS Score
0.0
Published
2026-01-09
This vulnerability allows authenticated attackers to execute commands via the hostname of the device.
CVSS Score
10.0
EPSS Score
0.001
Published
2026-01-09
This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device.
CVSS Score
8.6
EPSS Score
0.001
Published
2026-01-09
This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-01-09
Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device.
CVSS Score
10.0
EPSS Score
0.001
Published
2026-01-09
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an unauthenticated user to execute arbitrary code in the context of an authenticated user's browser by convincing the legitimate user to visit a specially crafted webpage.
CVSS Score
8.0
EPSS Score
0.0
Published
2026-01-09
GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to access and utilize AI model settings from unauthorized namespaces by manipulating namespace identifiers in API requests.
CVSS Score
7.1
EPSS Score
0.0
Published
2026-01-09
GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to modify instance-wide AI feature provider settings by exploiting missing authorization checks in GraphQL mutations.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-01-09
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to create a denial of service condition by providing crafted responses to external API calls.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-01-09