
GitLab Incorrectly Displays Repository Code Downloads

CVE-2026-1230 BIT-gitlab-2026-1230
Summary

An authenticated user can manipulate branch references so that a repository download from GitLab contains different code than the web interface displays. You should update to the latest version of GitLab to ensure accurate code downloads.

What to do
  • Update gitlab to version 18.9.2.
Affected software
Vendor | Product | Affected versions | Fix available
– | gitlab | > 18.9.0, <= 18.9.2 | 18.9.2
Original title
Use of Incorrectly-Resolved Name or Reference in GitLab
Original description
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 1.0 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to cause repository downloads to contain different code than displayed in the web interface due to incorrect validation of branch references under certain circumstances.
NVD CVSS 3.1 score: 4.1
Vulnerability type
CWE-706
Published: 13 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026