Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
GitLab CE/EE: Unauthenticated users can crash the Jira integration
CVE-2026-1662
Summary
An attacker could have sent a specific request to the Jira integration endpoint, potentially causing the integration to crash. This issue affects all versions of GitLab from 14.4 up to 18.9.1, and versions 18.8 up to 18.8.5. To fix this, update to the latest version of your GitLab installation.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| gitlab | gitlab | > 14.4.0 , <= 18.7.5 | – |
| gitlab | gitlab | > 14.4.0 , <= 18.7.5 | – |
| gitlab | gitlab | > 18.8.0 , <= 18.8.5 | – |
| gitlab | gitlab | > 18.8.0 , <= 18.8.5 | – |
| gitlab | gitlab | 18.9.0 | – |
| gitlab | gitlab | 18.9.0 | – |
Original title
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause De...
Original description
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause Denial of Service by sending specially crafted requests to the Jira events endpoint.
nvd CVSS3.1
7.5
Vulnerability type
CWE-770
Allocation of Resources Without Limits
- https://about.gitlab.com/releases/2026/02/25/patch-release-gitlab-18-9-1-release... Release Notes Vendor Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/588206 Broken Link
- https://hackerone.com/reports/3519694 Permissions Required
Published: 25 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026