CVE-2026-1725
Denial of Service in GitLab CI Jobs API via Unauthenticated Requests
Publication date: 2026-02-25
Last updated on: 2026-02-28
Assigner: GitLab Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gitlab | gitlab | 18.9.0 |
| gitlab | gitlab | 18.9.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects GitLab CE/EE versions from 18.9 before 18.9.1. Under certain conditions, it could allow an unauthenticated user to cause a denial of service by sending specially crafted requests to a Continuous Integration (CI) jobs API endpoint.
How can this vulnerability impact me? :
The impact of this vulnerability is a denial of service (DoS) condition. An attacker who is not authenticated could exploit this issue to disrupt the availability of the GitLab CI jobs API endpoint, potentially interrupting CI/CD workflows and affecting service availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know