7.5
GitLab: Unauthenticated Users Can Crash Your Repository
CVE-2025-13929
BIT-gitlab-2025-13929
Summary
Unauthenticated users can cause a denial of service by sending specific requests to your GitLab repository archive endpoints. This means your repository might become unavailable if an attacker takes advantage of this flaw. Update to the latest version of GitLab to fix this issue.
What to do
- Update gitlab to version 18.9.2.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | gitlab | > 18.9.0 , <= 18.9.2 | 18.9.2 |
| gitlab | gitlab | > 10.0.0 , <= 18.7.6 | – |
| gitlab | gitlab | > 18.8.0 , <= 18.8.6 | – |
| gitlab | gitlab | > 18.9.0 , <= 18.9.2 | – |
Original title
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.0 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a ...
Original description
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.0 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by issuing specially crafted requests to repository archive endpoints under certain conditions.
nvd CVSS3.1
7.5
Vulnerability type
CWE-770
Allocation of Resources Without Limits
Published: 11 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026