CVE Catalog

CVE-2026-6976

LowCVSS 3.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.01%

1th percentile — higher than 1% of all known CVEs

Summary

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2. Under certain conditions, an authenticated user with developer-role permissions could hide changes from merge request diff views due to improper input handling of file names.

Risk Assessment

The organization may be at risk of users with developer permissions manipulating diff views, potentially leading to unauthorized changes in the code. This could affect the integrity of the project and trust in the version control system.

Recommendation

It is recommended to update GitLab to the latest version to mitigate this vulnerability. Additionally, conduct an audit of user permissions to ensure that only appropriate individuals have access to critical features.

Original NVD description (English source)

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to hide changes from merge request diff views due to improper input handling of file names.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS