Esta página ainda não foi traduzida para o seu idioma. Exibindo conteúdo em inglês enquanto trabalhamos nisso.

💡 Keep dependencies up to date — most exploits target known, patchable vulnerabilities.

MEDIUMCVE-2026-8280CVSS 6.5

CVE-2026-8280: DoS in GitLab 8.3 - 18.11.3

Plataforma

gitlab

Componente

gitlab

Corrigido em

18.11.3

Ver no NVD

Salvar

Traduzindo para o seu idioma…

CVE-2026-8280 describes a denial-of-service (DoS) vulnerability discovered in GitLab Community Edition (CE) and Enterprise Edition (EE). This flaw allows an authenticated user to trigger excessive memory consumption within the GitLab instance, potentially leading to service instability and unavailability. The vulnerability impacts versions 8.3 up to and including 18.11.3, with a fix available in version 18.11.3.

Impacto e Cenários de Ataquetraduzindo…

An attacker exploiting CVE-2026-8280 could leverage a crafted input to exhaust GitLab's memory resources. This can manifest as a complete service outage, preventing legitimate users from accessing the platform. The impact is particularly severe in production environments where GitLab is critical for code management and collaboration. While the vulnerability requires authentication, a compromised user account or a user with sufficient privileges could be exploited to cause significant disruption. The memory exhaustion could also indirectly impact other processes running on the same server, potentially affecting related services.

Contexto de Exploraçãotraduzindo…

CVE-2026-8280 was published on May 14, 2026. Its severity is currently assessed as medium (CVSS 6.5). There are no public exploits or active campaigns reported at this time. The vulnerability is not currently listed on KEV or EPSS, indicating a low probability of immediate exploitation. Monitor security advisories and threat intelligence feeds for any changes in the exploitation landscape.

Inteligência de Ameaças

Status do Exploit

Prova de ConceitoDesconhecido

CISA KEVNO

Exposição na InternetAlta

Relatórios1 relatório de ameaça

CISA SSVC

Exploraçãonone

Automatizávelno

Impacto Técnicopartial

Vetor CVSS

O que significam essas métricas?

Attack Vector: Rede — explorável remotamente pela internet. Sem acesso físico ou local necessário.
Attack Complexity: Baixa — sem condições especiais. O atacante pode explorar de forma confiável.
Privileges Required: Baixo — qualquer conta de usuário válida é suficiente.
User Interaction: Nenhuma — ataque automático e silencioso. A vítima não faz nada.
Scope: Inalterado — impacto limitado ao componente vulnerável.
Confidentiality: Nenhum — sem impacto na confidencialidade.
Integrity: Nenhum — sem impacto na integridade.
Availability: Alto — falha completa ou esgotamento de recursos. Negação de serviço total.

Software Afetado

Componentegitlab

FornecedorGitLab

Versão mínima8.3

Versão máxima18.11.3

Corrigido em18.11.3

Classificação de Fraqueza (CWE)

CWE-770

Linha do tempo

Reservado2026-05-11
Publicada2026-05-14

Mitigação e Soluções Alternativastraduzindo…

The primary mitigation for CVE-2026-8280 is to upgrade GitLab to version 18.11.3 or later. If immediate upgrading is not feasible, consider implementing temporary workarounds such as rate limiting on specific API endpoints or restricting user input sizes. Monitoring GitLab's memory usage is also crucial to detect potential exploitation attempts. Review user permissions and ensure least privilege principles are enforced to limit the potential impact of a compromised account. After upgrading, confirm the fix by attempting to trigger the vulnerable input and verifying that memory consumption remains within acceptable limits.

Como corrigirtraduzindo…

Actualice GitLab a la versión 18.9.7 o superior, 18.10.6 o superior, o 18.11.3 o superior para mitigar la vulnerabilidad de denegación de servicio. Esta actualización aborda la falta de validación de entrada que permitía un consumo excesivo de memoria.

Perguntas frequentestraduzindo…

What is CVE-2026-8280 — DoS in GitLab 8.3 - 18.11.3?

CVE-2026-8280 is a denial-of-service vulnerability in GitLab CE/EE versions 8.3 through 18.11.3. An authenticated user can trigger excessive memory consumption, potentially causing service disruption.

Am I affected by CVE-2026-8280 in GitLab 8.3 - 18.11.3?

You are affected if you are running GitLab CE/EE versions 8.3 through 18.11.3. Upgrade to version 18.11.3 or later to mitigate the vulnerability.

How do I fix CVE-2026-8280 in GitLab 8.3 - 18.11.3?

Upgrade GitLab to version 18.11.3 or later. Consider temporary workarounds like rate limiting if immediate upgrading is not possible.

Is CVE-2026-8280 being actively exploited?

Currently, there are no reports of active exploitation or public exploits for CVE-2026-8280, but monitoring is still recommended.

Where can I find the official GitLab advisory for CVE-2026-8280?

Refer to the official GitLab security advisory for CVE-2026-8280 on the GitLab website: [https://gitlab.com/security/advisories/](https://gitlab.com/security/advisories/)

Seu projeto está afetado?

Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.

Escanear grátis Buscar CVEs

ao vivoverificação gratuita

Experimente agora — sem conta

Faça upload de qualquer manifesto (composer.lock, package-lock.json, lista de plugins WordPress…) ou cole sua lista de componentes. Receba um relatório de vulnerabilidades instantaneamente. Fazer upload de um arquivo é só o começo: com uma conta, você obtém monitoramento contínuo, alertas por Slack/email, relatórios multiprojeto e white-label.

Escaneamento manualAlertas por Slack/e-mailMonitoramento ContínuoRelatórios de marca branca

Arraste e solte seu arquivo de dependências

composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...

Procurar arquivos