Primary

Context

GitLab CE/EE Infinite Loop Denial-of-Service Vulnerability in Wiki Redirects

Vulnerability

Patched

A denial-of-service vulnerability has been addressed in GitLab Community Edition (CE) and Enterprise Edition (EE) versions 17.1 prior to 18.6.4, 18.7 prior to 18.7.2, and 18.8 prior to 18.8.2. Under certain conditions, this vulnerability allowed an authenticated user to create a denial-of-service situation by crafting malformed Wiki documents that bypassed existing cycle detection mechanisms.

Impact

Exploitation of this vulnerability could lead to an infinite loop condition, causing a denial-of-service situation where the application becomes unresponsive or unavailable.

Remediation

Users are advised to upgrade to GitLab versions 18.8.2, 18.7.2, or 18.6.4. This patch includes important security fixes but may require downtime during the upgrade process, especially for single-node instances. Multi-node instances can apply the upgrade without downtime with proper zero-downtime upgrade procedures.

Added: Jan 22, 2026, 10:21 AM

Updated: Jan 22, 2026, 10:21 AM

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

2.5

exploitability

5.2

remediation

7.7

relevance

2.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

2.5

exploitability

5.2

remediation

7.7

relevance

2.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GitLab CE/EE Infinite Loop Denial-of-Service Vulnerability in Wiki Redirects

Vulnerability

Impact

Remediation

Affected Products

GitLab

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating