CVE-2026-1094 — Vulnetix

CVE-2026-1094 PUBLISHED

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI.

EPSS 0.02% · 6.9th percentile

Risk Scores

EPSS Score

0.02%

6.9th percentile

Affected Products

Vendor	Product	Versions
Bitnami	gitlab	18.8.0
Bitnami	gitlab	18.8.0

Timeline

Feb 11, 2026 CVE Published
Feb 11, 2026 EPSS Score
Feb 13, 2026 EPSS Score
Feb 15, 2026 EPSS Score
Feb 17, 2026 EPSS Score
Feb 19, 2026 EPSS Score
Feb 21, 2026 EPSS Score
Feb 23, 2026 EPSS Score
Feb 25, 2026 EPSS Score
Feb 27, 2026 EPSS Score
Mar 1, 2026 EPSS Score
Mar 3, 2026 EPSS Score

References

https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/ url
https://gitlab.com/gitlab-org/gitlab/-/issues/586483 url
https://hackerone.com/reports/3502519 url
https://nvd.nist.gov/vuln/detail/CVE-2026-1094 url

Open in Interactive Console →