CVE Catalog

CVE-2026-1606

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

13th percentile — higher than 13% of all known CVEs

Summary

A vulnerability in GitLab CE/EE allows an authenticated user to conceal content within a Snippet due to improper input validation. The issue affects versions from 14.8 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1.

Risk Assessment

The risk involves the possibility of hiding unwanted or malicious content in a Snippet, which could lead to a breach of security policy or content control in the organization.

Recommendation

It is recommended to immediately upgrade GitLab to version 18.11.6, 19.0.3, or 19.1.1 depending on the branch in use.

Original NVD description (English source)

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.8 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user to conceal content within a Snippet due to improper input validation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS