Volerion logoVolerion
Volerion logoVolerion

GitLab CE/EE Denial-of-Service Vulnerability Due to Uncontrolled CPU Consumption in GraphQL Queries

Vulnerability

A denial-of-service vulnerability has been identified in GitLab CE/EE versions 17.2 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1. This vulnerability allows an attacker to cause uncontrolled CPU usage, potentially leading to a denial-of-service condition, by using specific GraphQL queries.

Impact

Exploitation of this vulnerability can cause excessive CPU consumption, leading to degraded performance or unavailability of the GitLab instance.

Added: Sep 26, 2025, 10:32 AM
Updated: Sep 26, 2025, 2:49 PM

Vulnerability Rating

Custom Algorithm
spread
7.3
impact
2.5
exploitability
5.2
remediation
0.0
relevance
0.6
threat
0.0
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.