GitLab CE/EE EUVD-2026-36233

CVE-2026-1500 · MEDIUM 6.5 (CVSS 3.1) · Vendor: GitLab
Allocation of Resources Without Limits or Throttling (CWE-770)
Published 2026-06-11 · GitLab advisory GHSA-jfx9-cc6f-6x6q

Severity by source

Vendor (GitLab), primary source: 6.5 MEDIUM
CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

vuln.today AI: 6.5 MEDIUM
Network-accessible upload endpoint, low complexity, authenticated user required (PR:L); purely an availability impact with no confidentiality or integrity effects.
CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS 4.0: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (GitLab).

CVSS Vector (Vendor: GitLab)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline

Patch available: Jun 11, 2026 - 13:01 (EUVD)
Analysis Generated: Jun 11, 2026 - 11:59 (vuln.today)
CVE Published: Jun 11, 2026 - 10:21 (cve.org)

Description (source: CVE.org)

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to cause denial of service due to uncontrolled resource consumption when processing a specially crafted file upload.

Analysis (AI-generated)

Uncontrolled resource consumption in the file upload processing pipeline of GitLab CE/EE lets any authenticated user trigger a denial of service by submitting a specially crafted file. All self-managed GitLab instances running versions from 17.10 before the patched releases (18.10.8, 18.11.5, 19.0.2) are affected, in both Community and Enterprise Editions. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Obtain authenticated GitLab account
Delivery: Craft file exploiting parser resource exhaustion
Exploit: Upload file to target GitLab project
Execution: Server processes unbound resource consumption
Impact: Instance availability degraded for all users

Vulnerability Assessment (AI-generated)

Exploitation: The attacker must hold an active, authenticated GitLab session (PR:L per the CVSS vector); no elevated or administrative privileges are required. … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) scores 6.5 Medium, reflecting a network-accessible, low-complexity attack requiring only an authenticated session. … Full risk analysis with EPSS, KEV, and SSVC signal comparison is available after sign-in.

Exploit Scenario: An attacker registers or logs into a GitLab instance and uploads a specially crafted file (such as a malformed archive or a format with pathological nesting) to a GitLab project via the web UI or API. The GitLab server begins processing the file, consuming unbound CPU or memory resources, causing the instance to become unresponsive or crash for all concurrent users. …

Remediation: Upgrade to the patched releases as directed by the GitLab vendor advisory at https://about.gitlab.com/releases/2026/06/10/patch-release-gitlab-19-0-2-released/: target 18.10.8 if on the 18.10 track, 18.11.5 if on the 18.11 track, or 19.0.2 if on the 19.0 track. … Detailed patch versions, workarounds, and compensating controls are in the full report.
