What is the CVSS score of CVE-2026-1660?

CVE-2026-1660 has a CVSS 3.1 base score of 6.5 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.1%.

Is there a public PoC exploit available for CVE-2026-1660?

Yes, a public proof-of-concept exploit is available for CVE-2026-1660. Prioritise patching immediately. EPSS: 0.1%.

Is there a patch available for CVE-2026-1660?

Yes, a patch is available for CVE-2026-1660. Update the affected software to the latest version immediately.

GitLab CE/EE CVE-2026-1660

EUVD-2026-24959 MEDIUM

Allocation of Resources Without Limits or Throttling (CWE-770)

2026-04-22 GitLab

GHSA-xv99-vgw5-r3gg

Denial Of Service Gitlab

6.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

PoC Detected

Apr 23, 2026 - 20:45 vuln.today

Public exploit code

Patch released

Apr 23, 2026 - 20:45 nvd

Patch available

Analysis Generated

Apr 23, 2026 - 00:17 vuln.today

Patch available

Apr 22, 2026 - 17:33 EUVD

EUVD ID Assigned

Apr 22, 2026 - 16:31 euvd

EUVD-2026-24959

Analysis Generated

Apr 22, 2026 - 16:31 vuln.today

CVE Published

Apr 22, 2026 - 16:04 nvd

MEDIUM 6.5

DescriptionNVD

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to cause denial of service when importing issues due to improper input validation.

AnalysisAI

Denial of service in GitLab CE/EE versions 12.3 through 18.11.0 allows authenticated users to trigger excessive resource consumption during issue import operations due to improper input validation on user-supplied data. The vulnerability affects all minor versions from 12.3 onwards until patched versions 18.9.6, 18.10.4, and 18.11.1. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-3515 HIGH This Week

8.5 May 24

Command injection in Prefect 3.6.18's GitHub integration allows authenticated users to execute arbitrary git commands th

CVE-2026-9807 MEDIUM This Month POC

4.3 May 28

Incorrect authorization enforcement in GitLab CE/EE permits a blocked Project Access Token to continue reading private p

CVE-2026-4868 HIGH This Week

8.2 May 27

Identity confusion in GitLab EE's Duo AI workflow runners lets an authenticated, low-privileged user cause specific Duo

CVE-2026-1402 MEDIUM This Month

6.5 May 27

Denial of service in GitLab CE/EE affects all versions from 17.1 through those prior to 18.10.7, 18.11.4, and 19.0.1, al

CVE-2026-6713 MEDIUM This Month

5.3 May 27

Unauthorized private project enumeration in GitLab CE/EE exposes confidential project metadata to unauthenticated networ

CVE-2026-1660 vulnerability details – vuln.today

Back

GitLab CE/EE CVE-2026-1660

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

More from same product – last 7 days

Share

External POC / Exploit Code