CVE-2026-1387

Summary

GitLab has remediated an issue in GitLab EE affecting all versions from 15.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to cause Denial of Service by uploading a malicious file and repeatedly querying it through GraphQl.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab15.6 < 18.6.6affected
GitLabGitLab18.7 < 18.7.4affected
GitLabGitLab18.8 < 18.8.4affected

Weaknesses

  • CWE-770: CWE-770: Allocation of Resources Without Limits or Throttling

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References