CVE-2026-6269

CVE-2026-6269 : GitLab CE/EE remediation for a flaw where, under certain conditions, an authenticated user with developer-role permissions could modify hidden merge requests due to incorrect authorization enforcements. Affected versions: 15.10 prior to 18.10.8, 18.11 prior to 18.11.5, and 19.0 pr...

CVE-2026-6269 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to modify hidden merge requests due to incorrect...

CVE-2026-6976 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to hide changes from merge request diff views due to...

EUVD-2026-36228

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to hide changes from merge request diff views due to...

CVE-2026-6976

GitLab CVE-2026-6976 affects GitLab CE/EE with versions 15.9–1x prior to 18.10.8, 18.11 prior to 18.11.5, and 19.0 prior to 19.0.2. An authenticated user with developer permissions could, under certain conditions, hide changes in merge request diff views due to improper input handling of file nam...

CVE-2026-6976 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to hide changes from merge request diff views due to...

Malicious code in tailwindcss-merge (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37e379cbf2d39f386221b7e0896b9331c7a52dc62a74bee6ded47962a77074b7 Package name tailwindcss-merge is a one-character edit of the popular tailwind-merge utility, and the README documents it as a drop-in import ... fro...

MAL-2026-5632 Malicious code in tailwindcss-merge (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37e379cbf2d39f386221b7e0896b9331c7a52dc62a74bee6ded47962a77074b7 Package name tailwindcss-merge is a one-character edit of the popular tailwind-merge utility, and the README documents it as a drop-in import ... fro...

PT-2026-48652

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 15.9 through 18.10.7 GitLab CE/EE versions 18.11 through 18.11.4 GitLab CE/EE versions 19.0 through 19.0.1 Description Improper input handling of file names allows an authenticated user with developer-role permissions to...

PT-2026-48650

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 15.10 through 18.10.7 GitLab CE/EE versions 18.11 through 18.11.4 GitLab CE/EE versions 19.0 through 19.0.1 Description Incorrect authorization enforcements allow an authenticated user with developer-role permissions to...

GitLab 15.9 < 18.10.8 / 18.11 < 18.11.5 / 19.0 < 19.0.2 (CVE-2026-6976)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an...

GitLab Enterprise Edition（EE）和GitLab Community Edition（CE） 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE prior to 15.9, 18.10.8, 18.11.5, and 19.0.2...

GitLab 15.10 < 18.10.8 / 18.11 < 18.11.5 / 19.0 < 19.0.2 (CVE-2026-6269)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an...

Gitlab -- vulnerabilities

Gitlab reports: Improper Access Control issue in Group SAML Identity API impacts GitLab EE Cross-site Scripting issue in Analytics Dashboard impacts GitLab EE Denial of Service issue in Grape API JSON parsing middleware impacts GitLab CE/EE HTML injection issue in certain group setting fields...

GitLab Enterprise Edition（EE）和GitLab Community Edition（CE） 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE prior to 15.10, 18.10.8, 18.11.5, and 19.0.2...

CVE-2026-42563

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the ...

CVE-2026-42563

CVE-2026-42563 affects the Python package Dulwich (versions

CVE-2026-42563 Dulwich Vulnerable to Command Injection via Merge Driver Path

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the ...

CVE-2026-42563 Dulwich Vulnerable to Command Injection via Merge Driver Path

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the ...

EUVD-2026-36175

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the ...