PT-2026-40854 · Gitlab · Gitlab Ce/Ee

Published

2026-05-14

·

Updated

2026-05-18

·

CVE-2025-14869

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.5 through 18.9.6 GitLab CE/EE versions 18.10 through 18.10.5 GitLab CE/EE versions 18.11 through 18.11.2
Description An issue exists where an unauthenticated user can cause a denial of service by sending specially crafted payloads to certain API endpoints.
Recommendations Update GitLab CE/EE versions 18.5 through 18.9.6 to version 18.9.7. Update GitLab CE/EE versions 18.10 through 18.10.5 to version 18.10.6. Update GitLab CE/EE versions 18.11 through 18.11.2 to version 18.11.3.

Exploit

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2026-07009
BIT-GITLAB-2025-14869
CVE-2025-14869

Affected Products

Gitlab Ce/Ee