GitLab Web IDE workbench stored XSS (CVSS 8.0) — patched 19.1.1/19.0.3/18.11.6; assessed, did not clear §2 gate
cve · CVE-2026-10712
Coverage timeline
1
first 2026-06-26 → last 2026-06-26
Briefs
1
1 distinct
Sources cited
15
10 hosts
Sections touched
0
—
Co-occurring entities
0
no co-occurrence
Story timeline
- 2026-06-26CTI Daily Brief — 2026-06-26
Source distribution
- attack.mitre.org5 (33%)
- advisories.ncsc.nl2 (13%)
- bitdefender.com1 (7%)
- docs.gitlab.com1 (7%)
- maine.gov1 (7%)
- prnewswire.com1 (7%)
- proofpoint.com1 (7%)
- sentinelone.com1 (7%)
- other2 (13%)
External references
All cited sources (15)
- docs.gitlab.comprimaryinlineGitLab 19.0.1https://docs.gitlab.com/releases/patches/patch-release-gitlab-19-0-1-released/
- advisories.ncsc.nlinlineNCSC-NL advisory NCSC-2026-0168https://advisories.ncsc.nl/advisory?id=NCSC-2026-0168
- advisories.ncsc.nlinlineNCSC-NL NCSC-2026-0161, 2026-05-15https://advisories.ncsc.nl/csaf/v2/2026/ncsc-2026-0161.json
- attack.mitre.orginlineT1072https://attack.mitre.org/techniques/T1072/
- attack.mitre.orginlineT1195.002https://attack.mitre.org/techniques/T1195/002/
- attack.mitre.orginlineT1204https://attack.mitre.org/techniques/T1204/
- attack.mitre.orginlineT1547https://attack.mitre.org/techniques/T1547/
- attack.mitre.orginlineT1555https://attack.mitre.org/techniques/T1555/
- bitdefender.cominlineBitdefender Business Insights, 2026-05-13https://www.bitdefender.com/en-us/blog/businessinsights/famoussparrow-apt-targets-azerbaijani-oil-gas-industry
- maine.govinlineMaine AG filinghttps://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/d6729ef2-7bb3-42d3-abdd-99a1dd8f2415.html
- prnewswire.cominlinePR Newswire substitute noticehttps://www.prnewswire.com/news-releases/carnival-corporation-notice-of-data-breach-302783524.html
- proofpoint.cominlineProofpoint, 2026-06-15https://www.proofpoint.com/us/blog/threat-insight/dont-fear-repo-unkdeaddrop-phishing-campaign-targets-developers-steal
- sentinelone.cominlineSentinelOne, 2026-05-15https://www.sentinelone.com/blog/living-off-the-pipeline-defending-against-ci-cd-subversion/
- thehackernews.cominlineThe Hacker News, 2026-06-16https://thehackernews.com/2026/06/north-korean-hackers-are-turning.html
- veeam.cominlineVeeam KB4852https://www.veeam.com/kb4852
Items in briefs about GitLab Web IDE workbench stored XSS (CVSS 8.0) — patched 19.1.1/19.0.3/18.11.6; assessed, did not clear §2 gate
No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.