GitLab CE/EE Denial-of-Service Vulnerability in Markdown Processor

Vulnerability

A denial-of-service vulnerability has been identified in GitLab Community Edition (CE) and Enterprise Edition (EE) versions 8.0 prior to 18.6.6, 18.7 prior to 18.7.4, and 18.8 prior to 18.8.4. Under certain conditions, this vulnerability allowed an unauthenticated user to cause denial-of-service by uploading malicious files that disrupted normal service.

Impact

Exploitation of this vulnerability led to a denial-of-service condition, causing the application to become unresponsive or unavailable.

Remediation

Users are advised to upgrade to GitLab versions 18.8.4, 18.7.4, or 18.6.6. Instructions for updating GitLab can be found on the GitLab Update page.

Added: Feb 11, 2026, 12:19 PM
Updated: Feb 11, 2026, 5:26 PM

Vulnerability Rating

Custom Algorithm
spread
7.3
impact
2.5
exploitability
7.4
remediation
7.7
relevance
1.8
threat
0.0
urgency
2.9
incentive
4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.