Platform
gitlab
Component
gitlab
Fixed in
18.8.9
18.9.5
18.10.3
CVE-2026-1092 describes a denial of service vulnerability discovered in GitLab Community Edition (CE) and Enterprise Edition (EE). This flaw allows an unauthenticated user to potentially disrupt GitLab services by exploiting improper input validation of JSON payloads. The vulnerability impacts GitLab versions from 12.10.0 up to, but not including, 18.8.9, 18.9.x before 18.9.5, and 18.10.x before 18.10.3. A patch is available in version 18.10.3.
Exploit Status
EPSS
0.04% (12th percentile)
CISA SSVC
Upgrade to GitLab version 18.8.9 or later, 18.9.5 or later, or 18.10.3 or later to mitigate the vulnerability. The update corrects the improper validation of specified quantity in JSON payloads, preventing potential denial of service attacks.
CVE-2026-1092 is a denial of service (DoS) vulnerability in GitLab CE/EE. It allows an unauthenticated user to cause a service disruption by sending specially crafted JSON payloads that are not properly validated.
You are potentially affected if you are running GitLab CE or EE from version 12.10.0 up to, but not including, 18.8.9, 18.9.x before 18.9.5, or 18.10.x before 18.10.3.
Upgrade to GitLab version 18.10.3 or later to resolve this vulnerability. Refer to the official GitLab security advisory for detailed upgrade instructions.
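To check a fleet against the affected ranges given in the description on this page, the following added example (not GitLab's or this site's code) classifies installed version strings and reports the lowest fixed release listed for each branch. The hostnames, sample versions and function names are constructed for illustration.

```python
import re

# Ranges as stated in the description on this page:
#   12.10.0 <= v < 18.8.9,  18.9.x < 18.9.5,  18.10.x < 18.10.3
FIRST_AFFECTED = (12, 10, 0)
LAST_LISTED_BRANCH = (18, 10)
FIXED_BY_BRANCH = {(18, 9): (18, 9, 5), (18, 10): (18, 10, 3)}
FIXED_OLDER = (18, 8, 9)  # applies to 18.8 and every earlier affected branch


def parse_version(text):
    """Parse '18.9.4', 'v18.9.4-ee' or '18.9.4-ce.0' into (major, minor, patch)."""
    m = re.match(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-+].*)?$", text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def assess(version_text):
    """Return (affected, lowest_fixed_release_listed_for_that_branch)."""
    v = parse_version(version_text)
    if v < FIRST_AFFECTED or v[:2] > LAST_LISTED_BRANCH:
        return False, None  # outside every range the page lists
    fixed = FIXED_BY_BRANCH.get(v[:2], FIXED_OLDER)
    if v >= fixed:
        return False, None
    return True, ".".join(map(str, fixed))


# Constructed inventory (hypothetical hostnames and versions).
SAMPLE_INVENTORY = {
    "gitlab-a.example.internal": "18.9.4-ee",
    "gitlab-b.example.internal": "18.10.3-ce.0",
    "gitlab-c.example.internal": "17.11.2",
    "gitlab-d.example.internal": "18.8.9",
}


def triage(inventory):
    """Return {host: fixed_release} for hosts inside an affected range."""
    findings = {}
    for host, version in inventory.items():
        affected, fixed = assess(version)
        if affected:
            findings[host] = fixed
    return findings


if __name__ == "__main__":
    for host, fixed in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: affected, first fixed release listed is {fixed}")
```

The release returned is the lowest fixed version this page lists for the branch, not an upgrade path; follow the official GitLab advisory for the supported upgrade steps.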
CVSS Vector