CVE-2026-6976
LowCVSS 3.7Exploitation Probability (EPSS)
Low risk1th percentile — higher than 1% of all known CVEs
Summary
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2. Under certain conditions, an authenticated user with developer-role permissions could hide changes from merge request diff views due to improper input handling of file names.
Risk Assessment
The organization may be at risk of users with developer permissions manipulating diff views, potentially leading to unauthorized changes in the code. This could affect the integrity of the project and trust in the version control system.
Recommendation
It is recommended to update GitLab to the latest version to mitigate this vulnerability. Additionally, conduct an audit of user permissions to ensure that only appropriate individuals have access to critical features.
Original NVD description (English source)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to hide changes from merge request diff views due to improper input handling of file names.

