CVE-2026-1606

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.8 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user to conceal content within a Snippet due to improper input validation.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:19.1.0:*:*:*:*:*:*:*

History

26 Jun 2026, 18:40

Type Values Removed Values Added
References () https://docs.gitlab.com/releases/patches/patch-release-gitlab-19-1-1-released/ - () https://docs.gitlab.com/releases/patches/patch-release-gitlab-19-1-1-released/ - Release Notes, Vendor Advisory
References () https://gitlab.com/gitlab-org/gitlab/-/work_items/588128 - () https://gitlab.com/gitlab-org/gitlab/-/work_items/588128 - Broken Link
References () https://hackerone.com/reports/3527473 - () https://hackerone.com/reports/3527473 - Permissions Required
First Time Gitlab
Gitlab gitlab
CPE cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:19.1.0:*:*:*:*:*:*:*

25 Jun 2026, 05:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-06-25 05:16

Updated : 2026-06-26 18:40


NVD link : CVE-2026-1606

Mitre link : CVE-2026-1606

CVE.ORG link : CVE-2026-1606


JSON object : View

Products Affected

gitlab

  • gitlab
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')