7.5
GitLab CE/EE: Unauthenticated users can cause denial of service
CVE-2026-1069
BIT-gitlab-2026-1069
Summary
GitLab CE and EE versions from 18.9 up to, but not including, 18.9.2 are affected. An unauthenticated attacker could send specially crafted GraphQL requests that trigger uncontrolled recursion and cause a denial of service. Update to version 18.9.2 or later to fix the issue.
What to do
- Update GitLab to version 18.9.2 or later.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | gitlab | > 18.9.0 , <= 18.9.2 | 18.9.2 |
| gitlab | gitlab | > 18.9.0 , <= 18.9.2 | – |
Original title
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by sending specially craft...
Original description
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by sending specially crafted GraphQL requests due to uncontrolled recursion under certain circumstances.
NVD CVSS 3.1
7.5
Vulnerability type
CWE-674
Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026