CVE-2026-6976

🗓️ 11 Jun 2026 10:20:11Reported by GitLabType

CVE-2026-6976: Authenticated developers could hide diffs via file names; fixed in GitLab 18.10.8, 18.11.5, 19.0.2.

Reporter	Title	Published	Views	Family All 38
FreeBSD	Gitlab -- vulnerabilities	11 Jun 202600:00	–	freebsd
Circl	CVE-2026-6976	11 Jun 202612:45	–	circl
Cvelist	CVE-2026-6976 Authorization Bypass Through User-Controlled Key in GitLab	11 Jun 202610:20	–	cvelist
EUVD	EUVD-2026-36228	11 Jun 202610:20	–	euvd
Tenable Nessus	GitLab 15.9 < 18.10.8 / 18.11 < 18.11.5 / 19.0 < 19.0.2 (CVE-2026-6976)	11 Jun 202600:00	–	nessus
NCSC	Vulnerabilities managed in GitLab Enterprise Edition	12 Jun 202607:39	–	ncsc
NVD	CVE-2026-6976	11 Jun 202612:16	–	nvd
OSV	BIT-GITLAB-2026-6976 Authorization Bypass Through User-Controlled Key in GitLab	12 Jun 202609:05	–	osv
OSV	MINI-28WH-GC22-M4GJ	12 Jun 202616:55	–	osv
OSV	MINI-3H29-MMRQ-87PH	12 Jun 202616:54	–	osv

NVD

Vulners

Node

gitlab gitlabRange15.9.0–18.10.8community

gitlab gitlabRange15.9.0–18.10.8enterprise

gitlab gitlabRange18.11.0–18.11.5community

gitlab gitlabRange18.11.0–18.11.5enterprise

gitlab gitlabRange19.0.0–19.0.2community

gitlab gitlabRange19.0.0–19.0.2enterprise

[
  {
    "vendor": "GitLab",
    "product": "GitLab",
    "repo": "git://[email protected]:gitlab-org/gitlab.git",
    "cpes": [
      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
    ],
    "versions": [
      {
        "version": "15.9",
        "status": "affected",
        "lessThan": "18.10.8",
        "versionType": "semver"
      },
      {
        "version": "18.11",
        "status": "affected",
        "lessThan": "18.11.5",
        "versionType": "semver"
      },
      {
        "version": "19.0",
        "status": "affected",
        "lessThan": "19.0.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
about	www.about.gitlab.com/releases/2026/06/10/patch-release-gitlab-19-0-2-released/
hackerone	www.hackerone.com/reports/3638136
gitlab	www.gitlab.com/gitlab-org/gitlab/-/work_items/598165

11 Jun 2026 17:34Current

5.5Medium risk

Vulners AI Score5.5

CVSS 3.13.7

EPSS0.0001

SSVC

CWE-639