CVE-2026-1606
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk13th percentile — higher than 13% of all known CVEs
Summary
A vulnerability in GitLab CE/EE allows an authenticated user to conceal content within a Snippet due to improper input validation. The issue affects versions from 14.8 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1.
Risk Assessment
The risk involves the possibility of hiding unwanted or malicious content in a Snippet, which could lead to a breach of security policy or content control in the organization.
Recommendation
It is recommended to immediately upgrade GitLab to version 18.11.6, 19.0.3, or 19.1.1 depending on the branch in use.
Original NVD description (English source)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.8 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user to conceal content within a Snippet due to improper input validation.

