XSS in GitLab EE Duo Agent output rendering

Successful exploitation allows attacker-controlled JavaScript to run in the victim user’s browser within the GitLab application context. Based on the provided context and CVSS vector (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N), this can result in session hijacking, theft of tokens or other sensitive data accessible to the victim session, and unauthorized actions performed as the victim, including manipulation of repositories or other GitLab resources available to that user. No direct availability impact is indicated in the provided material.

If immediate patching is not possible, reduce exposure by limiting access to affected GitLab EE instances to trusted users, especially where untrusted authenticated users can submit or influence Duo Agent-rendered content. Monitor for suspicious injected content and unusual browser-driven actions in GitLab sessions. Because the root cause is improper input sanitization in rendered output, temporary risk reduction depends primarily on restricting who can create or modify content that is rendered through the vulnerable component until patched. No vendor-specific workaround beyond upgrading was provided in the supplied content.

Upgrade GitLab EE to a fixed release: 18.9.7 or later for the 18.7/18.8/18.9 release line, 18.10.6 or later for the 18.10 release line, or 18.11.3 or later for the 18.11 release line. GitLab’s May 13, 2026 security updates remediate this issue. For self-managed deployments, administrators were instructed to upgrade immediately. The provided context notes that single-node upgrades require downtime because database migrations must complete before restart, while multi-node deployments can use standard zero-downtime upgrade procedures.