GitLab EE Denial-of-Service Vulnerability in Dashboard via GraphQL Queries

Vulnerability

A denial-of-service vulnerability has been identified in GitLab Enterprise Edition (EE), affecting versions from 15.6 prior to 18.6.6, from 18.7 prior to 18.7.4, and from 18.8 prior to 18.8.4. The vulnerability allowed authenticated users to cause service disruption by uploading malicious files to the dashboard and repeatedly querying these files through GraphQL, leading to resource exhaustion.

Impact

Exploitation of this vulnerability could cause a denial-of-service condition, disrupting normal user activities by overloading the server with excessive processing demands.

Remediation

Users are advised to upgrade to GitLab EE versions 18.8.4, 18.7.4, or 18.6.6.
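
A quick way to triage an instance inventory against the version ranges above (added example, not GitLab's or this site's code). It assumes EE builds report a version string containing "-ee"; the hostnames and versions in the inventory are constructed for illustration.

```python
import re

# Affected ranges exactly as the advisory states them:
# (first affected version, first fixed version) per release line.
AFFECTED_RANGES = [
    ((15, 6, 0), (18, 6, 6)),
    ((18, 7, 0), (18, 7, 4)),
    ((18, 8, 0), (18, 8, 4)),
]

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(.*)$")


def parse_version(raw):
    """Split a version string into ((major, minor, patch), suffix)."""
    match = _VERSION_RE.match(raw.strip())
    if not match:
        raise ValueError(f"unrecognised GitLab version string: {raw!r}")
    major, minor, patch, suffix = match.groups()
    return (int(major), int(minor), int(patch or 0)), suffix.lower()


def assess(raw):
    """Return (status, upgrade_target) for one reported version string."""
    version, suffix = parse_version(raw)
    # Assumption: EE builds carry an "-ee" marker (e.g. "18.6.5-ee");
    # the advisory covers EE only, so other builds are reported separately.
    if "-ee" not in suffix:
        return ("not-ee", None)
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= version < first_fixed:
            return ("affected", ".".join(map(str, first_fixed)))
    return ("outside-listed-ranges", None)


# Constructed inventory (hostnames and versions are made up for illustration).
INVENTORY = {
    "gitlab-prod.example.internal": "18.6.5-ee",
    "gitlab-stage.example.internal": "18.8.4-ee",
    "gitlab-legacy.example.internal": "15.5.9-ee",
    "gitlab-lab.example.internal": "18.7.3",
}

def triage(inventory):
    """Map each host to its (status, upgrade_target) tuple."""
    return {host: assess(ver) for host, ver in inventory.items()}

if __name__ == "__main__":
    for host, result in triage(INVENTORY).items():
        print(host, *result)
```

Versions newer than the listed lines are reported as "outside-listed-ranges" because the advisory makes no statement about them.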

Added: Feb 11, 2026, 12:19 PM
Updated: Feb 11, 2026, 4:27 PM

Vulnerability Rating

Custom Algorithm

spread: 7.3
impact: 2.5
exploitability: 5.2
remediation: 7.7
relevance: 2.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.