Esta página ainda não foi traduzida para o seu idioma. Exibindo conteúdo em inglês enquanto trabalhamos nisso.

💡 Keep dependencies up to date — most exploits target known, patchable vulnerabilities.

MEDIUMCVE-2026-1184CVSS 6.5

CVE-2026-1184: Insecure Deserialization in GitLab

Plataforma

gitlab

Componente

gitlab

Corrigido em

18.11.3

Ver no NVD

Salvar

Traduzindo para o seu idioma…

CVE-2026-1184 addresses an Insecure Deserialization vulnerability discovered in GitLab EE. This flaw allows an unauthenticated user to induce a denial of service (DoS) by uploading a specially crafted file. The vulnerability impacts GitLab EE versions ranging from 11.9.0 through 18.11.3, and is resolved in version 18.11.3.

Impacto e Cenários de Ataquetraduzindo…

Successful exploitation of CVE-2026-1184 allows an attacker to disrupt GitLab services, rendering them unavailable to legitimate users. The attacker does not require authentication, significantly broadening the potential attack surface. The denial of service can manifest as system instability, performance degradation, or complete service outage. While the vulnerability doesn't directly lead to data exfiltration or code execution, the disruption of GitLab services can severely impact development workflows and project timelines. The impact is amplified in environments where GitLab is a critical component of the software development lifecycle.

Contexto de Exploraçãotraduzindo…

CVE-2026-1184 was published on 2026-05-14. Its severity is currently assessed as Medium (CVSS 6.5). No public proof-of-concept (POC) code has been publicly released as of this writing. There are no indications of active exploitation campaigns targeting this vulnerability. The vulnerability is not currently listed on CISA Known Exploited Vulnerabilities (KEV) catalog.

Inteligência de Ameaças

Status do Exploit

Prova de ConceitoDesconhecido

CISA KEVNO

Exposição na InternetAlta

Vetor CVSS

O que significam essas métricas?

Attack Vector: Rede — explorável remotamente pela internet. Sem acesso físico ou local necessário.
Attack Complexity: Baixa — sem condições especiais. O atacante pode explorar de forma confiável.
Privileges Required: Baixo — qualquer conta de usuário válida é suficiente.
User Interaction: Nenhuma — ataque automático e silencioso. A vítima não faz nada.
Scope: Inalterado — impacto limitado ao componente vulnerável.
Confidentiality: Nenhum — sem impacto na confidencialidade.
Integrity: Nenhum — sem impacto na integridade.
Availability: Alto — falha completa ou esgotamento de recursos. Negação de serviço total.

Software Afetado

Componentegitlab

FornecedorGitLab

Versão mínima11.9.0

Versão máxima18.11.3

Corrigido em18.11.3

Classificação de Fraqueza (CWE)

CWE-502

Linha do tempo

Reservado2026-01-19
Publicada2026-05-14

Mitigação e Soluções Alternativastraduzindo…

The primary mitigation for CVE-2026-1184 is to upgrade GitLab EE to version 18.11.3 or later. If immediate upgrade is not feasible, consider implementing temporary workarounds such as restricting file uploads from unauthenticated users or implementing stricter file validation rules. Review GitLab's file upload policies and ensure they are enforced. Monitor GitLab logs for suspicious file upload activity. After upgrading, verify the fix by attempting a file upload with a known malicious payload (in a controlled environment) to confirm the vulnerability is no longer exploitable.

Como corrigirtraduzindo…

Actualice GitLab a la versión 18.9.7 o superior, 18.10.6 o superior, o 18.11.3 o superior para mitigar la vulnerabilidad de deserialización de datos no confiables. Esta actualización corrige la validación incorrecta de archivos cargados, previniendo posibles ataques de denegación de servicio.

Perguntas frequentestraduzindo…

What is CVE-2026-1184 — Insecure Deserialization in GitLab?

CVE-2026-1184 is a Medium severity vulnerability in GitLab EE allowing unauthenticated users to trigger a denial of service by uploading a crafted file due to improper validation. It affects versions 11.9.0–18.11.3.

Am I affected by CVE-2026-1184 in GitLab?

You are affected if you are running GitLab EE versions 11.9.0 through 18.11.3. Versions prior to 18.11.3 are vulnerable to denial of service attacks.

How do I fix CVE-2026-1184 in GitLab?

Upgrade GitLab EE to version 18.11.3 or later to resolve the vulnerability. Consider temporary workarounds like restricting unauthenticated file uploads if immediate upgrade is not possible.

Is CVE-2026-1184 being actively exploited?

As of the current assessment, there are no indications of active exploitation campaigns targeting CVE-2026-1184.

Where can I find the official GitLab advisory for CVE-2026-1184?

Refer to the official GitLab security advisory for CVE-2026-1184 on the GitLab website: [https://gitlab.com/security/advisories/](https://gitlab.com/security/advisories/)

Seu projeto está afetado?

Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.

Escanear grátis Buscar CVEs

ao vivoverificação gratuita

Experimente agora — sem conta

Faça upload de qualquer manifesto (composer.lock, package-lock.json, lista de plugins WordPress…) ou cole sua lista de componentes. Receba um relatório de vulnerabilidades instantaneamente. Fazer upload de um arquivo é só o começo: com uma conta, você obtém monitoramento contínuo, alertas por Slack/email, relatórios multiprojeto e white-label.

Escaneamento manualAlertas por Slack/e-mailMonitoramento ContínuoRelatórios de marca branca

Arraste e solte seu arquivo de dependências

composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...

Procurar arquivos