GitLab CE/EE GraphQL API Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the GitLab Community Edition (CE) and Enterprise Edition (EE) GraphQL API, affecting all versions from 18.9 prior to 18.9.2. This vulnerability could have allowed an unauthenticated user to cause a denial-of-service condition by sending specially crafted GraphQL requests, leading to uncontrolled recursion under certain circumstances.

Impact

Exploitation of this vulnerability could have caused a denial-of-service condition, disrupting normal operations by causing the application to become unresponsive or unavailable.

Remediation

GitLab has released patch versions 18.9.2, 18.8.6, and 18.7.6, which address this vulnerability. Instructions for updating GitLab can be found on the GitLab Update page.

Added: Mar 11, 2026, 4:28 PM
Updated: Mar 11, 2026, 4:28 PM

Vulnerability Rating

Custom Algorithm
spread
7.3
impact
2.5
exploitability
8.7
remediation
7.7
relevance
2.5
threat
6.4
urgency
2.9
incentive
4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.