Book a meeting

› 06:54:50 BSI CVE-2026-53435 Jenkins: Mehrere Schwachstellen · › 05:59:50 BSI CVE-2026-52717 GStreamer: Mehrere Schwachstellen · › 11:55:00 CERT.PL CVE-2026-5482 Responsive FileManager software · › 11:29:50 BSI — Aqua Security Trivy: Schwachstelle ermöglicht Manipulation von Dateien · › 11:19:49 BSI CVE-2026-44188 Red Hat Ansible Automation Platform: Mehrere Schwachstellen · › 11:14:50 BSI CVE-2024-53172 Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service · › 11:09:50 BSI CVE-2026-46243 Linux Kernel: Schwachstelle ermöglicht Privilegieneskalation · › 10:55:00 CERT.PL CVE-2026-11860 Quick.CMS software · › 10:49:52 BSI CVE-2026-8296 Octopus Deploy: Schwachstelle ermöglicht Cross-Site Scripting · › 10:49:51 BSI CVE-2026-28847 WebKitGTK: Mehrere Schwachstellen · › 10:49:51 BSI — Contao: Mehrere Schwachstellen ermöglichen Offenlegung von Informationen · › 10:49:50 BSI CVE-2026-25243 Redis: Mehrere Schwachstellen ermöglichen Ausführen von beliebigem Pr… ·

← Back to console

Critical CCB · Belgium CVE-2026-6552

Multiple high vulnerabilities in GitLab CC/EE

Published 15 June 2026 at 08:25

Description

CVE-2026-6552: A remote, authenticated threat actor without any user interaction can exploit this vulnerability in the Group SAML identity management functionality to take over another group member’s account. CVE-2026-10087: A network based, authenticated threat actor with developer-role permissions can exploit this vulnerability in the Analytics Dashboard to execute arbitrary code. The attacker can only achieve that if they manage to make the user interact with a malicious payload, which can then use the user’s browser to run client-side code. CVE-2026-7250: A remote, unauthenticated threat actor without any user interaction can exploit this vulnerability in the Grape API JSON parsing middleware to cause system disruption and eventually system crash and denial-of-service. CVE-2026-8589: A