GitLab CE/EE — stored XSS in analytics dashboards (CVSS 8.7); cited as dropped from § 2

cve · CVE-2026-6073

Coverage timeline

first 2026-05-17 → last 2026-05-17

Briefs

1 distinct

Sources cited

4 hosts

Sections touched

—

Co-occurring entities

no co-occurrence

Story timeline

2026-05-17CTI Daily Brief — 2026-05-17

Source distribution

attack.mitre.org5 (62%)
advisories.ncsc.nl1 (12%)
bitdefender.com1 (12%)
sentinelone.com1 (12%)

External references

NVD · cve.org · CISA KEV

All cited sources (8)

advisories.ncsc.nlprimaryinlineNCSC-NL NCSC-2026-0161, 2026-05-15https://advisories.ncsc.nl/csaf/v2/2026/ncsc-2026-0161.json
source profile · cited in 2026-05-17
attack.mitre.orginlineT1072https://attack.mitre.org/techniques/T1072/
cited in 2026-05-16
attack.mitre.orginlineT1195.002https://attack.mitre.org/techniques/T1195/002/
cited in 2026-05-16
attack.mitre.orginlineT1204https://attack.mitre.org/techniques/T1204/
cited in 2026-05-16
attack.mitre.orginlineT1547https://attack.mitre.org/techniques/T1547/
cited in 2026-05-16
attack.mitre.orginlineT1555https://attack.mitre.org/techniques/T1555/
cited in 2026-05-16
bitdefender.cominlineBitdefender Business Insights, 2026-05-13https://www.bitdefender.com/en-us/blog/businessinsights/famoussparrow-apt-targets-azerbaijani-oil-gas-industry
cited in 2026-05-17
sentinelone.cominlineSentinelOne, 2026-05-15https://www.sentinelone.com/blog/living-off-the-pipeline-defending-against-ci-cd-subversion/
source profile · cited in 2026-05-16

Items in briefs about GitLab CE/EE — stored XSS in analytics dashboards (CVSS 8.7); cited as dropped from § 2

No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.