Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
GitLab Container Registry Denial of Service Vulnerability
CVE-2025-14511
Summary
GitLab's container registry is at risk of crashing due to malicious files. All users who run affected versions of GitLab should update to the latest version to prevent denial of service attacks. Update GitLab to the latest version to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| gitlab | gitlab | > 12.2.0 , <= 18.7.5 | – |
| gitlab | gitlab | > 12.2.0 , <= 18.7.5 | – |
| gitlab | gitlab | > 18.8.0 , <= 18.8.5 | – |
| gitlab | gitlab | > 18.8.0 , <= 18.8.5 | – |
| gitlab | gitlab | 18.9.0 | – |
| gitlab | gitlab | 18.9.0 | – |
Original title
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause de...
Original description
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted files to the container registry event endpoint under certain conditions.
nvd CVSS3.1
7.5
Vulnerability type
CWE-1284
- https://about.gitlab.com/releases/2026/02/25/patch-release-gitlab-18-9-1-release... Release Notes Vendor Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/583717 Broken Link
- https://hackerone.com/reports/3452200 Permissions Required
Published: 25 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026