Scanner gratuitement

Cette page n'a pas encore été traduite dans votre langue. Affichage du contenu en anglais pendant que nous y travaillons.

💡 Keep dependencies up to date — most exploits target known, patchable vulnerabilities.

MEDIUMCVE-2026-8280CVSS 6.5

CVE-2026-8280: DoS in GitLab 8.3 - 18.11.3

Plateforme

gitlab

Composant

gitlab

Corrigé dans

18.11.3

Voir sur NVD
Sauvegarder
Traduction vers votre langue…

CVE-2026-8280 describes a denial-of-service (DoS) vulnerability discovered in GitLab Community Edition (CE) and Enterprise Edition (EE). This flaw allows an authenticated user to trigger excessive memory consumption within the GitLab instance, potentially leading to service instability and unavailability. The vulnerability impacts versions 8.3 up to and including 18.11.3, with a fix available in version 18.11.3.

Impact et Scénarios d'Attaquetraduction en cours…

An attacker exploiting CVE-2026-8280 could leverage a crafted input to exhaust GitLab's memory resources. This can manifest as a complete service outage, preventing legitimate users from accessing the platform. The impact is particularly severe in production environments where GitLab is critical for code management and collaboration. While the vulnerability requires authentication, a compromised user account or a user with sufficient privileges could be exploited to cause significant disruption. The memory exhaustion could also indirectly impact other processes running on the same server, potentially affecting related services.

Contexte d'Exploitationtraduction en cours…

CVE-2026-8280 was published on May 14, 2026. Its severity is currently assessed as medium (CVSS 6.5). There are no public exploits or active campaigns reported at this time. The vulnerability is not currently listed on KEV or EPSS, indicating a low probability of immediate exploitation. Monitor security advisories and threat intelligence feeds for any changes in the exploitation landscape.

Renseignement sur les Menaces

Statut de l'Exploit

Preuve de ConceptInconnu
CISA KEVNO
Exposition InternetÉlevée
Rapports1 rapport de menace

CISA SSVC

Exploitationnone
Automatisableno
Impact Techniquepartial

Vecteur CVSS

RENSEIGNEMENT SUR LES MENACES· CVSS 3.1CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H6.5MEDIUMAttack VectorNetworkComment l'attaquant atteint la cibleAttack ComplexityLowConditions requises pour exploiterPrivileges RequiredLowNiveau d'authentification requisUser InteractionNoneSi une action de la victime est requiseScopeUnchangedImpact au-delà du composant affectéConfidentialityNoneRisque d'exposition de données sensiblesIntegrityNoneRisque de modification non autorisée de donnéesAvailabilityHighRisque d'interruption de servicenextguardhq.com · Score de base CVSS v3.1
Que signifient ces métriques?
Attack Vector
Réseau — exploitable à distance via internet. Aucun accès physique ou local requis.
Attack Complexity
Faible — aucune condition spéciale requise. Exploitable de manière fiable.
Privileges Required
Faible — tout compte utilisateur valide est suffisant.
User Interaction
Aucune — attaque automatique et silencieuse. La victime ne fait rien.
Scope
Inchangé — impact limité au composant vulnérable.
Confidentiality
Aucun — aucun impact sur la confidentialité.
Integrity
Aucun — aucun impact sur l'intégrité.
Availability
Élevé — panne complète ou épuisement des ressources. Déni de service total.

Logiciel Affecté

Composantgitlab
FournisseurGitLab
Version minimale8.3
Version maximale18.11.3
Corrigé dans18.11.3

Classification de Faiblesse (CWE)

CWE-770

Chronologie

  1. Réservé
  2. Publiée

Mitigation et Contournementstraduction en cours…

The primary mitigation for CVE-2026-8280 is to upgrade GitLab to version 18.11.3 or later. If immediate upgrading is not feasible, consider implementing temporary workarounds such as rate limiting on specific API endpoints or restricting user input sizes. Monitoring GitLab's memory usage is also crucial to detect potential exploitation attempts. Review user permissions and ensure least privilege principles are enforced to limit the potential impact of a compromised account. After upgrading, confirm the fix by attempting to trigger the vulnerable input and verifying that memory consumption remains within acceptable limits.

Comment corrigertraduction en cours…

Actualice GitLab a la versión 18.9.7 o superior, 18.10.6 o superior, o 18.11.3 o superior para mitigar la vulnerabilidad de denegación de servicio. Esta actualización aborda la falta de validación de entrada que permitía un consumo excesivo de memoria.

Questions fréquentestraduction en cours…

What is CVE-2026-8280 — DoS in GitLab 8.3 - 18.11.3?

CVE-2026-8280 is a denial-of-service vulnerability in GitLab CE/EE versions 8.3 through 18.11.3. An authenticated user can trigger excessive memory consumption, potentially causing service disruption.

Am I affected by CVE-2026-8280 in GitLab 8.3 - 18.11.3?

You are affected if you are running GitLab CE/EE versions 8.3 through 18.11.3. Upgrade to version 18.11.3 or later to mitigate the vulnerability.

How do I fix CVE-2026-8280 in GitLab 8.3 - 18.11.3?

Upgrade GitLab to version 18.11.3 or later. Consider temporary workarounds like rate limiting if immediate upgrading is not possible.

Is CVE-2026-8280 being actively exploited?

Currently, there are no reports of active exploitation or public exploits for CVE-2026-8280, but monitoring is still recommended.

Where can I find the official GitLab advisory for CVE-2026-8280?

Refer to the official GitLab security advisory for CVE-2026-8280 on the GitLab website: [https://gitlab.com/security/advisories/](https://gitlab.com/security/advisories/)

Ton projet est-il affecté ?

Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.

Scanner gratuitementRechercher des CVE
en directfree scan

Essayez maintenant — sans compte

scanZone.subtitle

Scan manuelSlack/email alertsContinuous monitoringWhite-label reports

Glissez-déposez votre fichier de dépendances

composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...