CVE-2026-1094 — Improper Validation of Unsafe Equivalence in Input in Gitlab

CWE-1289 — Improper Validation of Unsafe Equivalence in Input6 documents6 sources

Severity

4.6MEDIUMNVD

EPSS

0.0%

top 93.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab CE

Timeline

PublishedFeb 11

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:NExploitability: 2.1 | Impact: 2.5

Affected Packages5 packages

▶CVEListV5gitlab/gitlab18.8 — 18.8.4

▶NVDgitlab/gitlab18.8.0 — 18.8.4

▶debiandebian/gitlab

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ce

🔴Vulnerability Details

OSV

CVE-2026-1094: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18↗2026-02-11

▶

GHSA

GHSA-95p8-ccjw-3g7f: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18↗2026-02-11

▶

📋Vendor Advisories

GitLab

CVE-2026-1094: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hi↗2026-02-11

▶

Debian

CVE-2026-1094: gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 ...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-1094 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶