GitLab Addresses High-Risk Vulnerabilities Impacting Self-Managed Instances

GitLab has released emergency security patches to fix multiple vulnerabilities in its DevOps platform that could be exploited by attackers to execute arbitrary code, bypass authorization, cause denial-of-service (DoS) conditions, and expose sensitive data — particularly in self-managed GitLab instances.

These flaws were disclosed publicly on January 8, 2026, and represent a significant risk, especially for organizations running their own GitLab servers.


Affected Versions & Patch Releases

GitLab has issued the following patched versions:

  • 18.7.1
  • 18.6.3
  • 18.5.5

These patches have already been deployed on the hosted GitLab.com service and should be applied immediately on self-managed installations to mitigate risk.


What the Vulnerabilities Are

According to the official release notes, the updates address a range of issues including:

Arbitrary Code Execution & Script Injection

  • Stored Cross-Site Scripting (XSS) in GitLab Flavored Markdown could allow authenticated attackers to trigger script execution.
  • Cross-Site Scripting in Web IDE could allow an unauthenticated user to execute code in a user’s browser in the context of a legitimate session.

Authorization & Access Control

  • Missing authorization in the Duo Workflows API could let authenticated users access AI model settings in other namespaces.
  • Missing authorization in GraphQL mutations could allow modification of instance-wide AI feature settings.

Other Security Risks

  • Denial of Service (DoS) via import functionality.
  • Insufficient access control in GraphQL mutations affecting runners and CI/CD operations.
  • Information disclosure in Mermaid diagram rendering.

The collective impact is that attackers with varying levels of access could leverage these flaws to disrupt services, steal or manipulate data, or execute code in contexts where they shouldn’t.


Who Is at Risk

  • Self-managed GitLab CE and EE installations that have not applied the latest patches.
  • Versions before 18.7.1, 18.6.3, and 18.5.5 are affected across both Community and Enterprise Editions.

Recommended Actions

  1. Apply the latest patches immediately by upgrading to the fixed versions listed above.
  2. Verify configuration and access controls post-update to ensure no unauthorized changes remain.
  3. Monitor logs and activity for unusual behavior if the instance was exposed before patching.
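To support step 1, here is a small check that compares an installed GitLab version against the patched releases named in this advisory. It is an added example, not GitLab's own tooling; it assumes MAJOR.MINOR.PATCH version strings, assumes any branch newer than 18.7 already carries the fixes, and treats branches older than 18.5, for which this advisory names no patched release, as affected.

```python
"""Check an installed GitLab version against the patched releases from the
January 8, 2026 advisory (18.7.1, 18.6.3, 18.5.5).

Added example, not GitLab's own tooling. Assumptions: versions are
MAJOR.MINOR.PATCH (an optional '-ee'/'-ce' suffix is ignored); branches newer
than 18.7 are assumed to carry the fixes; branches older than 18.5 have no
patched release in the advisory and are reported as affected."""
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Minimum patched release on each affected branch, taken from the advisory.
FIXED_VERSIONS = ("18.7.1", "18.6.3", "18.5.5")


def parse_version(text: str) -> Version:
    """Parse 'MAJOR.MINOR.PATCH' into a comparable tuple of ints."""
    core = text.strip().split("-", 1)[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected GitLab version format: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def required_release(installed: str) -> Optional[Version]:
    """Return the minimum patched release for the installed version's branch.

    None means the advisory names no patched release on that branch (e.g. a
    branch older than 18.5). For branches newer than 18.7 the installed
    version itself is returned, meaning there is nothing to upgrade to."""
    current = parse_version(installed)
    fixed = sorted(parse_version(v) for v in FIXED_VERSIONS)
    branch = current[:2]
    if branch > fixed[-1][:2]:
        return current  # assumption: later branches include the fixes
    for candidate in fixed:
        if candidate[:2] == branch:
            return candidate
    return None  # no patched release on this branch in the advisory


def is_patched(installed: str) -> bool:
    """True if the installed version is at or above its branch's fixed release."""
    target = required_release(installed)
    if target is None:
        return False
    return parse_version(installed) >= target
```

Feed it the version reported by your instance (for example from the admin area or `gitlab-rake gitlab:env:info`) and treat any `False` result as a queue entry for an immediate upgrade.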