Platform: gitlab
Component: gitlab
Fixed in: 18.8.9, 18.9.5, 18.10.3
CVE-2026-1092 describes a denial of service vulnerability discovered in GitLab Community Edition (CE) and Enterprise Edition (EE). This flaw allows an unauthenticated user to potentially disrupt GitLab services by exploiting improper input validation of JSON payloads. The vulnerability impacts GitLab versions from 12.10.0 up to, but not including, 18.8.9, 18.9.x before 18.9.5, and 18.10.x before 18.10.3. A patch is available in version 18.10.3.
Exploit Status
EPSS: 0.04% (12th percentile)
CISA SSVC
Upgrade to GitLab version 18.8.9 or later, 18.9.5 or later, or 18.10.3 or later to mitigate the vulnerability. The update fixes the incorrect validation of the specified quantity in JSON payloads, preventing possible denial-of-service attacks.
CVE-2026-1092 is a denial of service (DoS) vulnerability in GitLab CE/EE. It allows an unauthenticated user to cause a service disruption by sending specially crafted JSON payloads that are not properly validated.
You are potentially affected if you are running GitLab CE or EE versions 12.10.0 through 18.10.3, including 18.9 before 18.9.5 and 18.10 before 18.10.3. Versions prior to 12.10.0 are also vulnerable.
Upgrade to GitLab version 18.10.3 or later to resolve this vulnerability. Refer to the official GitLab security advisory for detailed upgrade instructions.
CVSS Vector