CVE-2026-44262: Scramble vulnerable to remote code execution via evaluation of user-controlled input in validation rules
A remote code execution (RCE) vulnerability affects Scramble versions 0.13.2 through 0.13.21. When documentation endpoints are publicly accessible and validation rules reference user-controlled input, request-supplied data may be evaluated during documentation generation, leading to execution of arbitrary PHP code in the application context.
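A lock-file check for the affected range stated above, as an added example that is not part of the advisory or of the Scramble project. The Composer package name `dedoc/scramble` and the sample lock contents are assumptions; versions are compared numerically so that 0.13.10 is correctly placed between 0.13.2 and 0.13.21.

```python
import json
import re

# Affected range as stated in the advisory (inclusive on both ends).
AFFECTED_MIN = (0, 13, 2)
AFFECTED_MAX = (0, 13, 21)
# Assumption: Composer package name for Scramble; not stated in the advisory text.
PACKAGE = "dedoc/scramble"
_RELEASE = re.compile(r"^[vV]?(\d+)\.(\d+)\.(\d+)$")


def is_affected(raw):
    """True/False for a plain x.y.z release; None for dev branches or suffixed tags."""
    m = _RELEASE.match(raw.strip())
    if m is None:
        return None  # cannot be decided from the string alone, review manually
    ver = tuple(int(g) for g in m.groups())
    return AFFECTED_MIN <= ver <= AFFECTED_MAX


def scan_lock(lock_text, package=PACKAGE):
    """Return (section, version, affected) for every locked entry of `package`."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for entry in lock.get(section) or []:
            if entry.get("name", "").lower() == package:
                version = entry.get("version", "")
                findings.append((section, version, is_affected(version)))
    return findings


# Constructed sample composer.lock content (not taken from a real project).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "laravel/framework", "version": "v11.0.0"},
        {"name": "dedoc/scramble", "version": "v0.13.10"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    labels = {True: "AFFECTED", False: "outside affected range", None: "review manually"}
    for section, version, affected in scan_lock(SAMPLE_LOCK):
        print(f"{PACKAGE} {version} ({section}): {labels[affected]}")
```

To check a real project, pass the contents of its `composer.lock` to `scan_lock`.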