PT-2026-40855 · Gitlab · Gitlab Ce/Ee

Published

2026-05-14

·

Updated

2026-05-18

·

CVE-2025-14870

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.5 through 18.9.6 GitLab CE/EE versions 18.10 through 18.10.5 GitLab CE/EE versions 18.11 through 18.11.2
Description An issue exists where an unauthenticated user can cause a denial of service by sending specially crafted JSON payloads. This is possible due to insufficient input validation.
Recommendations Update versions 18.5 through 18.9.6 to 18.9.7. Update versions 18.10 through 18.10.5 to 18.10.6. Update versions 18.11 through 18.11.2 to 18.11.3.

Exploit

Fix

DoS

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2026-07010
BIT-GITLAB-2025-14870
CVE-2025-14870

Affected Products

Gitlab Ce/Ee