Medium

GitLab CE/EE Code Flow XSS

IdentifiersCVE-2025-14560CWE-79· Improper Neutralization of Input…

CVE-2025-14560 is a cross-site scripting vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE) affecting the vulnerability code flow / Code Flow feature. According to the provided advisory content, an authenticated user can inject malicious content into the vulnerability code flow and, under certain conditions, cause that content to execute in another user's browser context. This can result in the victim performing unauthorized actions on behalf of the attacker or otherwise within the attacker's intended workflow. Affected versions are all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows an authenticated attacker to execute a stored or context-dependent XSS-style attack against another GitLab user interacting with the malicious content. The practical impact is unauthorized action execution in the victim's session context, which can lead to integrity compromise of GitLab data and workflows, and potentially confidentiality impact depending on the victim's privileges and accessible data. The supplied advisory material explicitly states this may allow actions to be performed on behalf of another user.

Mitigation

If you can’t patch tonight, do this now.

No specific product workaround is provided in the supplied advisory content. Until patching is completed, reduce exposure by limiting access to affected GitLab instances to trusted users and networks, restricting who can create or modify content in the affected vulnerability/code-flow workflows, and monitoring for suspicious injected content or anomalous actions originating from vulnerability-related workflows. If exploitation is suspected, investigate for historical compromise because patching alone does not remediate prior malicious actions.

Remediation

Patch, then assume compromise.

Upgrade GitLab CE/EE to a fixed version: 18.6.6 or later for affected 17.1-18.6 deployments, 18.7.4 or later for the 18.7 branch, or 18.8.4 or later for the 18.8 branch. GitLab advised self-managed customers to upgrade immediately. The provided content also notes that the patch release may include database migrations that can cause downtime on single-node instances; multi-node deployments can use zero-downtime upgrade procedures where applicable.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

GitLabGitlabapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

6 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

6 SOURCESView more in app

cyber security newsNews

Feb 11, 2026

GitLab Patches Multiple Vulnerabilities That Enables DoS and Cross-site Scripting Attacks

A high-severity stored XSS vulnerability in GitLab’s Code Flow feature that can execute attacker-controlled script in a victim’s session, enabling actions as the victim.

security online infoNews

Feb 11, 2026

GitLab Patch Alert: High-Severity Web IDE Flaw Exposes Private Repos

GitLab XSS vulnerability in the vulnerability code flow that could allow an authenticated attacker to perform actions as another user.

gitlab releasesNews

Feb 10, 2026

GitLab Patch Release: 18.8.4, 18.7.4, 18.6.6 | GitLab

XSS in GitLab vulnerability Code Flow that could enable an authenticated attacker to act on behalf of another user under certain conditions.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity2

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2025-14560

NVD

nvd.nist.gov/vuln/detail/CVE-2025-14560

MITRE CWE · CWE-79

Improper Neutralization of Input During Web…

Vendor Advisory

about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released

Permissions Required

hackerone.com/reports/3461083