6.5
GitLab Has a Denial of Service Vulnerability
CVE-2025-12576
BIT-gitlab-2025-12576
Summary
A security issue in GitLab could allow an authenticated user to cause a service outage. It affects GitLab versions from 9.3 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2. To fix this, update to a patched version of GitLab.
What to do
- Update gitlab to version 18.9.2.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | gitlab | > 18.9.0, <= 18.9.2 | 18.9.2 |
Original title
Allocation of Resources Without Limits or Throttling in GitLab
Original description
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that under certain conditions could have allowed an authenticated user to cause a denial of service due to improper handling of webhook response data.
nvd CVSS3.1
6.5
Vulnerability type
CWE-770
Allocation of Resources Without Limits
Published: 13 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026