GitLab CI Trigger API Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the GitLab CI trigger API, affecting GitLab Community Edition (CE) and Enterprise Edition (EE) in all versions from 9.0 prior to 18.7.5, from 18.8 prior to 18.8.5, and from 18.9 prior to 18.9.1. Under certain circumstances, this vulnerability allowed an authenticated user with specific access to create specially crafted CI triggers via the API, leading to a denial-of-service condition.

Impact

Exploitation of this vulnerability could cause a denial-of-service condition, disrupting normal operations by overwhelming the system or causing it to become unresponsive.

Remediation

GitLab has released patch versions 18.9.1, 18.8.5, and 18.7.5, which include the necessary fix for this vulnerability. Users are strongly recommended to upgrade to one of these versions.
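
To find which instances still need the upgrade, the affected ranges above can be checked against an inventory of reported GitLab versions. The following is an added example, not code from GitLab or from this advisory; the host names and inventory are constructed, and reading "9.0 prior to 18.7.5" as 9.0 <= version < 18.7.5 is an assumption.

```python
import re

# Affected ranges from the advisory as (first affected, first fixed) tuples.
# Assumption: "9.0 prior to 18.7.5" means 9.0 <= version < 18.7.5.
AFFECTED = [
    ((9, 0, 0), (18, 7, 5)),
    ((18, 8, 0), (18, 8, 5)),
    ((18, 9, 0), (18, 9, 1)),
]

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Parse '18.8.2', 'v18.8.2-ee' or '18.9' into (major, minor, patch)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(part) if part else 0 for part in m.groups())


def check(version_text):
    """Return (affected, first fixed release for that range or None)."""
    v = parse_version(version_text)
    for first_affected, first_fixed in AFFECTED:
        if first_affected <= v < first_fixed:
            return True, ".".join(map(str, first_fixed))
    return False, None


def audit(inventory):
    """Map host -> finding for every host that is affected or unparseable."""
    findings = {}
    for host, reported in inventory.items():
        try:
            affected, fix = check(reported)
        except ValueError:
            # Never treat an unreadable version as safe.
            findings[host] = "unknown version, verify manually"
            continue
        if affected:
            findings[host] = f"affected, first fixed release for this range: {fix}"
    return findings


if __name__ == "__main__":
    # Constructed inventory for illustration only.
    sample = {"git-a.example.internal": "18.8.4-ee", "git-b.example.internal": "18.9.1",
              "git-c.example.internal": "17.11.3", "git-d.example.internal": "n/a"}
    for host, finding in audit(sample).items():
        print(f"{host}: {finding}")
```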

Added: Feb 25, 2026, 10:39 PM
Updated: Feb 25, 2026, 10:39 PM

Vulnerability Rating

Custom Algorithm
spread: 7.3
impact: 2.5
exploitability: 4.8
remediation: 7.7
relevance: 3.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.