GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.8 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user to conceal content within a Snippet due to improper input validation.
References
| Link | Resource |
|---|---|
| https://docs.gitlab.com/releases/patches/patch-release-gitlab-19-1-1-released/ | Release Notes Vendor Advisory |
| https://gitlab.com/gitlab-org/gitlab/-/work_items/588128 | Broken Link |
| https://hackerone.com/reports/3527473 | Permissions Required |
Configurations
Configuration 1 (hide)
|
History
26 Jun 2026, 18:40
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://docs.gitlab.com/releases/patches/patch-release-gitlab-19-1-1-released/ - Release Notes, Vendor Advisory | |
| References | () https://gitlab.com/gitlab-org/gitlab/-/work_items/588128 - Broken Link | |
| References | () https://hackerone.com/reports/3527473 - Permissions Required | |
| First Time |
Gitlab
Gitlab gitlab |
|
| CPE | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* cpe:2.3:a:gitlab:gitlab:19.1.0:*:*:*:*:*:*:* |
25 Jun 2026, 05:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-25 05:16
Updated : 2026-06-26 18:40
NVD link : CVE-2026-1606
Mitre link : CVE-2026-1606
CVE.ORG link : CVE-2026-1606
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')
