EUVD-2026-15937
GHSA-2jhc-hf67-8vgx
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
5Tags
Description
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to cause a denial of service by making the GitLab instance unresponsive due to improper input validation in GraphQL request processing.
Analysis
GitLab CE/EE contains a denial of service vulnerability in GraphQL request processing due to improper input validation (CWE-407). All versions from 18.5 through 18.8.6, 18.9 through 18.9.2, and 18.10 before 18.10.1 are affected. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all GitLab CE/EE instances and confirm versions; implement network-level rate limiting on GraphQL endpoints (/api/graphql) and restrict API access to known trusted networks if possible. Within 7 days: Deploy WAF rules to detect and block malicious GraphQL queries with excessive complexity; monitor GitLab logs for suspicious GraphQL requests; establish incident response procedures for potential DoS events. …
Sign in for detailed remediation steps.
Priority Score
Vendor Status
Debian
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| sid | fixed | 17.6.5-19 | - |
| (unstable) | not-affected | - | - |
Share
External POC / Exploit Code
Leaving vuln.today