HIGHCVE-2026-1069Published 2026-03-11Modified 2026-03-11CNA GitLab

CVE-2026-1069: Uncontrolled Recursion in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by sending specially crafted GraphQL requests due to uncontrolled recursion under certain circumstances.

CVSS v3.1: 7.5
Severity: HIGH
Fixed in: 18.9.2
Affected Products: 1

Fix available

18.9.2

Affected packages

GitLab / GitLab
< 18.9.2 (from 18.9)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

HackerOne Bug Bounty Report #3483687
gitlab.com
about.gitlab.com

Metrics

Fix available