CVE-2026-2845

Summary

An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an authenticated user to cause denial of service by exploiting a Bitbucket Server import endpoint via repeatedly sending large responses.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab11.2 < 18.7.5affected
GitLabGitLab18.8 < 18.8.5affected
GitLabGitLab18.9 < 18.9.1affected

Weaknesses

  • CWE-770: CWE-770: Allocation of Resources Without Limits or Throttling

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References