Primary

Context

GitLab EE Denial-of-Service Vulnerability via File Upload

Vulnerability

Patched

A denial-of-service vulnerability has been identified in GitLab EE, affecting all versions from 11.9 prior to 18.9.7, 18.10 prior to 18.10.6, and 18.11 prior to 18.11.3. The issue arises from improper validation, which could have allowed an unauthenticated user to upload a specially crafted file, leading to service disruption.

Impact

Exploitation of this vulnerability could cause a denial-of-service condition, disrupting normal service operations.

Remediation

Users can upgrade to GitLab versions 18.11.3, 18.10.6, or 18.9.7 to address this vulnerability.

Added: May 14, 2026, 6:54 AM

Updated: May 14, 2026, 6:54 AM

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

2.5

exploitability

7.4

remediation

7.7

relevance

8.3

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

2.5

exploitability

7.4

remediation

7.7

relevance

8.3

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GitLab EE Denial-of-Service Vulnerability via File Upload

Vulnerability

Impact

Remediation

Affected Products

GitLab

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating