CVSS 3.1 score: 7.5

GitLab CE/EE Versions 18.9 Before 18.9.1: Unauthorized Access to CI Jobs API May Cause Service Disruption

CVE-2026-1725
Summary

An unauthenticated attacker could have sent specially crafted requests to a CI jobs API endpoint and, under certain conditions, caused a denial of service. The issue affects GitLab CE/EE versions from 18.9 before 18.9.1 and is fixed in version 18.9.1. If you're running an affected version, update to the latest patch to prevent potential service disruptions.

What to do

Update to GitLab 18.9.1 or later, which fixes this issue.

Affected software
| Vendor | Product | Affected versions | Fix available |
| gitlab | gitlab | 18.9.0 | |
| gitlab | gitlab | 18.9.0 | |
Original title
GitLab has remediated an issue in GitLab CE/EE affecting versions from 18.9 before 18.9.1 that could have, under certain conditions, allowed an unauthenticated user to cause denial of service by sen...
Original description
GitLab has remediated an issue in GitLab CE/EE affecting versions from 18.9 before 18.9.1 that could have, under certain conditions, allowed an unauthenticated user to cause denial of service by sending specially crafted requests to a CI jobs API endpoint.
NVD CVSS 3.1: 7.5
Vulnerability type
CWE-770 Allocation of Resources Without Limits
Published: 25 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026