PT-2026-21996 · Gitlab · Gitlab Ce/Ee

Vinax

Published

2026-02-25

Updated

2026-03-02

CVE-2026-1725

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions prior to 18.9.1

Description A flaw exists in GitLab CE/EE that, under specific conditions, could allow an unauthenticated user to disrupt service by sending crafted requests to a CI jobs API endpoint. The issue involves specially crafted requests targeting the /api/v1/ci/jobs API endpoint. The vulnerability does not require authentication to exploit.

Recommendations Update to GitLab CE/EE version 18.9.1 or later.

Exploit

Fix

DoS

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

BDU:2026-03434

BIT-GITLAB-2026-1725

CVE-2026-1725

Affected Products

Gitlab Ce/Ee

PT-2026-21996 · Gitlab · Gitlab Ce/Ee

CVE-2026-1725

Weakness Enumeration

Related Identifiers

Affected Products

References · 14