GitLab: Denial of Service via Malformed JSON Input in API
CVE-2025-14513
BIT-gitlab-2025-14513
Summary
Certain versions of GitLab are susceptible to a denial of service attack. An attacker can send specially crafted data to the protected branches API, which could crash the server. Update to the latest version of GitLab to fix this issue.
What to do
- Update gitlab to version 18.9.2.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | gitlab | > 18.9.0, <= 18.9.2 | 18.9.2 |
| gitlab | gitlab | > 16.11.0, <= 18.7.6 | – |
| gitlab | gitlab | > 18.8.0, <= 18.8.6 | – |
| gitlab | gitlab | > 18.9.0, <= 18.9.2 | – |
Original title
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a...
Original description
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service condition due to improper input validation when processing specially crafted JSON payloads in the protected branches API.
nvd CVSS3.1
7.5
Vulnerability type
CWE-1284
Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026