A vulnerability was found in GitLab Enterprise Edition up to 18.10.7/18.11.4/19.0.1 . It has been declared as problematic . The affected element is an unknown function of the component Setting Handler . Such manipulation leads to cross site scripting. This vulnerability is documented as CVE-2026-8589 . The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.