CyberSec.Space Logo
Back to CVE Browser

CVE-2026-6976

LOW
3.7
CVSS Severity Score
EPSS Score0.1780%
EPSS Percentile20.29th
PublishedJun 11, 2026
Last ModifiedJun 11, 2026

Vulnerability Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to hide changes from merge request diff views due to improper input handling of file names.

Affected Platforms (CPE)

πŸ“¦
Gitlab

Gitlab

>= 15.9.0 and < 18.10.8
πŸ“¦
Gitlab

Gitlab

>= 15.9.0 and < 18.10.8
πŸ“¦
Gitlab

Gitlab

>= 18.11.0 and < 18.11.5
πŸ“¦
Gitlab

Gitlab

>= 18.11.0 and < 18.11.5
πŸ“¦
Gitlab

Gitlab

>= 19.0.0 and < 19.0.2
πŸ“¦
Gitlab

Gitlab

>= 19.0.0 and < 19.0.2

References & Advisories

πŸ”— https://about.gitlab.com/releases/2026/06/10/patch-release-gitlab-19-0-2-released/
πŸ”— https://gitlab.com/gitlab-org/gitlab/-/work_items/598165
πŸ”— https://hackerone.com/reports/3638136

Related Vulnerabilities

CVE-2020-541510.0

Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoo...

CVE-2021-2220510.0

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image f...

CVE-2019-917410.0

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1....

CVE-2018-1884310.0

The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSR...