Critical Template Injection in GitLab AI Gateway Duo Workflow Service (CVE-2026-1868)
GitLab remediated CVE-2026-1868, a critical flaw in the Duo Workflow Service component of GitLab AI Gateway caused by improper neutralization during template expansion of user-supplied data. By submitting crafted Duo Agent Platform Flow definitions, an attacker could trigger denial of service or potentially achieve remote code execution (RCE) on the AI Gateway, turning the AI workflow feature into an execution path on the underlying gateway service.
The issue impacts self-hosted GitLab AI Gateway deployments across multiple version tracks, including versions starting at 18.1.6, 18.2.6, and 18.3.1 up to vulnerable releases such as 18.6.1, 18.7.0, and 18.8.0. GitLab released fixes in 18.6.2, 18.7.1, and 18.8.1; exploitation requires authenticated access to the GitLab instance (e.g., a compromised developer account or malicious insider), and GitLab reported the issue was discovered internally (by a GitLab team member, per reporting).
Timeline
Feb 9, 2026
Canadian Centre for Cyber Security issues alert on GitLab advisory
The Canadian Centre for Cyber Security published advisory AV26-103 highlighting GitLab's February 6 security advisory and urging administrators to review the issue and apply the required updates. The alert reiterated the affected version ranges and the patched releases.
Feb 6, 2026
GitLab publishes advisory and releases patched AI Gateway versions
On February 6, 2026, GitLab published a security advisory for CVE-2026-1868 affecting self-hosted GitLab Duo AI Gateway deployments. GitLab released fixes in versions 18.6.2, 18.7.1, and 18.8.1 and advised self-managed customers to upgrade immediately.
Feb 6, 2026
GitLab internally discovers AI Gateway template expansion flaw
GitLab reported that CVE-2026-1868, an insecure template expansion issue in the Duo Workflow Service of GitLab AI Gateway, was discovered internally by a team member identified as Joern. The flaw could allow denial of service or arbitrary code execution through crafted Duo Agent Platform Flow definitions.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Vulnerabilities
Organizations
Sources
Related Stories
GitLab patches CSRF and XSS flaws enabling token theft and browser-side code execution
GitLab disclosed and remediated three high-severity vulnerabilities in GitLab CE/EE that could be exploited by unauthenticated attackers under certain conditions. **CVE-2026-4922** is a cross-site request forgery flaw (`CWE-352`) that could let an attacker trigger GraphQL mutations as an authenticated user, while **CVE-2026-5262** is a cross-site scripting issue (`CWE-79`) that could expose tokens in the Storybook development environment. GitLab also fixed **CVE-2026-5816**, an improper path validation flaw (`CWE-41`) that could allow arbitrary JavaScript execution in a victim’s browser session. The issues affect multiple GitLab CE/EE release lines, with patched versions identified as **18.9.6**, **18.10.4**, and **18.11.1** depending on the flaw. CVE-2026-4922 affects versions from `17.0` before `18.9.6`, `18.10` before `18.10.4`, and `18.11` before `18.11.1`; CVE-2026-5262 affects versions from `16.1.0` before `18.9.6`, `18.10` before `18.10.4`, and `18.11` before `18.11.1`; and CVE-2026-5816 affects `18.10` before `18.10.4` and `18.11` before `18.11.1`. The vulnerabilities carry CVSS v3.1 ratings reflecting high confidentiality and integrity impact, and GitLab linked the disclosures to its patch release notice, internal work items, and HackerOne reports.
2 weeks ago
GitLab Patches High-Severity 2FA Bypass and DoS Vulnerabilities in CE/EE
GitLab released security updates for self-managed **GitLab Community Edition (CE)** and **Enterprise Edition (EE)** to fix a high-severity **two-factor authentication (2FA) bypass** and multiple **denial-of-service (DoS)** flaws. The most significant issue, **CVE-2026-0723** (CVSS 7.4), is an *unchecked return value* weakness in authentication services that could allow an attacker with knowledge of a victim’s credential/account ID to bypass 2FA by submitting forged device responses. GitLab also patched DoS vulnerabilities affecting unauthenticated and authenticated scenarios, including crafted malformed authentication data against the **Jira Connect** integration (**CVE-2025-13927**), incorrect authorization validation in API endpoints such as the **Releases API** (**CVE-2025-13928**), malformed Wiki documents that bypass cycle detection (**CVE-2025-13335**), and repeated malformed SSH authentication requests (**CVE-2026-1102**). Fixed releases are **18.8.2**, **18.7.2**, and **18.6.4**; GitLab advised administrators to upgrade immediately, noting *GitLab.com* is already patched, while third-party tracking indicated thousands of exposed GitLab CE instances remain online and potentially at risk if unpatched.
1 months ago
GitLab Patches XSS and API Denial-of-Service Vulnerabilities in CE/EE
GitLab released security updates for **GitLab Community Edition (CE)** and **Enterprise Edition (EE)**, shipping patched versions **18.9.2**, **18.8.6**, and **18.7.6** to address multiple vulnerabilities affecting self-managed deployments. The Canadian Centre for Cyber Security issued advisory **AV26-222** urging organizations to review GitLab’s upstream advisory and apply the updates for any instances running versions prior to those releases. The update fixes **15 security issues**, including a high-severity **XSS** vulnerability (**CVE-2026-1090**, CVSS 8.7) in Markdown placeholder processing when the relevant feature flag is enabled, which could allow an authenticated attacker to inject malicious JavaScript into a victim’s browser. GitLab also addressed several **denial-of-service** conditions, including issues impacting the **GraphQL API** (resource exhaustion via recursion), repository archive endpoints, and JSON payload validation in the protected branches API; additional fixes include webhook-related DoS risks (e.g., **CVE-2025-13690**, **CVE-2025-12576**) and a **CRLF sequence** handling issue (**CVE-2026-3848**).
1 months ago