
CVE-2026-1868: Critical GitLab AI Gateway Flaw Allows Remote Code Execution

  • Feb 8

Key Findings


  • Critical vulnerability (CVE-2026-1868) discovered in GitLab self-hosted AI Gateway with a CVSS score of 9.9

  • Flaw allows attackers to execute arbitrary code or trigger a Denial of Service on affected systems

  • The vulnerability is caused by improper sanitization of user-supplied templates in the Duo Workflow Service

  • The cited source lists versions 18.1.6, 18.2.6, and 18.3.1 of the GitLab AI Gateway as affected; releases between those and the patched versions are not addressed by the source, so treat them as unpatched until confirmed against GitLab's own advisory

  • Patched versions 18.6.2, 18.7.1, and 18.8.1 have been released to address the issue

  • Immediate upgrade to the patched versions is strongly recommended for all self-hosted customers


Background


The GitLab AI Gateway is the service through which GitLab Duo features send requests to AI models. It is part of the broader GitLab platform, which is widely used for version control, collaboration, and DevOps workflows. Self-managed customers can run their own instance of the Gateway, and that self-hosted deployment is what this advisory concerns.


The Duo Workflow Service is a key component of the AI Gateway, responsible for managing tasks and workflows. However, a flaw in how this service handles user-supplied templates has led to a critical security vulnerability.


Vulnerability Details


The vulnerability, tracked as CVE-2026-1868, is described as an "Insecure Template Expansion issue" that impacts the GitLab AI Gateway. Specifically, the system fails to properly sanitize and validate data when processing "crafted Duo Agent Platform Flow definitions" provided by users.


This oversight allows an attacker with authenticated access to the GitLab instance to potentially:


  • Trigger a Denial of Service (DoS) condition, effectively crashing the Gateway service

  • Execute arbitrary code on the underlying server, potentially gaining full control of the system
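The page describes the bug class ("insecure template expansion" of a user-supplied flow definition) but not the code. The block below is an added illustration of that class and is not GitLab's code, nor a reproduction of CVE-2026-1868: a hypothetical expander that hands every `${{ ... }}` placeholder in a definition to `eval()`, beside a hardened expander that only substitutes named variables as plain text, never re-expands a substituted value, and bounds the size of the definition before doing any work. The placeholder syntax, the flow-definition shape, the variable names and the size limit are all invented for the example.

```python
import re
from typing import Callable, Mapping

# Hypothetical placeholder syntax for this illustration; the page does not
# describe the real Duo Agent Platform Flow definition format.
PLACEHOLDER = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\Z")
MAX_DEFINITION_BYTES = 64 * 1024  # constructed limit: bounds work done per definition


class TemplateError(ValueError):
    """Raised when a flow definition contains something the safe expander rejects."""


def expand_insecure(text: str, context: Mapping[str, object]) -> str:
    """Vulnerable pattern: the body of every placeholder is handed to eval().

    The author of the flow definition chooses the expression, so a definition
    containing ${{ __import__("os").system("id") }} would run a command on the
    host that expands it. Only benign expressions are used in this file."""
    return PLACEHOLDER.sub(lambda m: str(eval(m.group(1), {}, dict(context))), text)


def expand_hardened(text: str, context: Mapping[str, object]) -> str:
    """Safe pattern: a placeholder may only name a variable supplied by the
    service; the value is spliced in as plain text in a single pass (so a value
    that itself contains ${{ ... }} is never re-expanded), and the size of the
    definition is bounded before any work is done."""
    if len(text.encode("utf-8")) > MAX_DEFINITION_BYTES:
        raise TemplateError("flow definition too large")

    def repl(m: re.Match) -> str:
        name = m.group(1)
        if not IDENT.match(name):
            raise TemplateError(f"placeholder is not a bare variable name: {name!r}")
        if name not in context:
            raise TemplateError(f"unknown variable: {name!r}")
        return str(context[name])

    return PLACEHOLDER.sub(repl, text)


def render_flow(flow: dict, context: Mapping[str, object],
                expand: Callable[[str, Mapping[str, object]], str]) -> list[str]:
    """Expand every step prompt in a parsed flow definition with the given expander."""
    return [expand(step["prompt"], context) for step in flow["steps"]]


# Constructed sample inputs (not real flow definitions).
BENIGN_FLOW = {"steps": [{"prompt": "Summarise MR ${{ mr_iid }} in ${{ project }}."}]}
HOSTILE_FLOW = {"steps": [{"prompt": "Summarise MR ${{ 2 * 21 }}."}]}  # arbitrary expression
CONTEXT = {"mr_iid": 7, "project": "group/app"}

if __name__ == "__main__":
    print(render_flow(BENIGN_FLOW, CONTEXT, expand_insecure))   # both expanders handle this
    print(render_flow(HOSTILE_FLOW, CONTEXT, expand_insecure))  # expression evaluated: 42
    print(render_flow(BENIGN_FLOW, CONTEXT, expand_hardened))
    try:
        render_flow(HOSTILE_FLOW, CONTEXT, expand_hardened)
    except TemplateError as e:
        print("rejected:", e)
```

The design point is that the hardened version treats the definition as data with named holes, not as a program: the only decision it makes per placeholder is a dictionary lookup, so the definition author cannot reach an interpreter, and a substituted value that happens to look like a placeholder stays literal.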


Impact and Affected Versions


The vulnerability is assessed as critical, with a CVSS score of 9.9, one step below the maximum. Under CVSS v3.1 that score corresponds to a network-reachable, low-complexity attack that needs only low privileges and no user interaction, changes scope, and has high confidentiality, integrity and availability impact; this is consistent with the page's note that the attacker needs an authenticated account rather than anonymous access. The flaw sits in the Duo Workflow Service, the component of the AI Gateway that processes the affected flow definitions.


The cited source lists the following GitLab AI Gateway versions as affected. They sit well below the patched releases, and the source does not say anything about the releases in between (18.4.x, 18.5.x, 18.6.0, 18.6.1, 18.7.0, 18.8.0), so the conservative reading is to treat any release older than the patched release in its minor line as unpatched until confirmed against GitLab's own advisory:


  • 18.1.6

  • 18.2.6

  • 18.3.1


Mitigation and Patched Versions


GitLab has released patched versions to address the vulnerability:


  • 18.6.2

  • 18.7.1

  • 18.8.1


Administrators are strongly recommended to upgrade their self-hosted GitLab AI Gateway installations to one of these patched versions immediately to mitigate the risk of exploitation.
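For an administrator with several self-hosted Gateway instances, the useful check is "is this version at or beyond the patched release for its line?". The block below is an added example (not a GitLab tool) that encodes the three patched releases listed on this page into that comparison. It assumes, as a conservative reading of the page, that within a minor line every release at or after the listed patch level is fixed and every earlier one is not, that any line newer than 18.8 is fixed, and that lines older than 18.6 (which have no fix listed here) are unpatched; how the installed version string is obtained depends on the deployment and is not covered.

```python
import re

# Patched releases as listed on this page. Assumption for the check below: within a
# minor line, every release at or after the listed patch level is fixed, every
# earlier one is not, and any line newer than 18.8 is fixed. Lines older than 18.6
# have no fix listed here and are treated as unpatched.
PATCHED_RELEASES = ("18.6.2", "18.7.1", "18.8.1")

# Versions the page reports as affected; used only for the self-check in main().
REPORTED_AFFECTED = ("18.1.6", "18.2.6", "18.3.1")

_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?")


def parse_version(text: str) -> tuple[int, int, int]:
    """Turn '18.6.2', 'v18.6.2' or '18.6.2-ee' into a comparable (major, minor, patch) tuple."""
    m = _VERSION_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return major, minor, patch


def is_patched(installed: str, patched: tuple[str, ...] = PATCHED_RELEASES) -> bool:
    """Return True if `installed` is at or beyond the patched release for its minor line."""
    v = parse_version(installed)
    fixes = sorted(parse_version(p) for p in patched)
    newest_line = fixes[-1][:2]
    if v[:2] > newest_line:           # a newer minor line than any listed fix
        return True
    for fix in fixes:
        if v[:2] == fix[:2]:          # same minor line: compare patch level
            return v[2] >= fix[2]
    return False                      # older line, or a line with no listed fix: assume vulnerable


def triage(installed_versions) -> dict[str, str]:
    """Map each version string to 'patched' or 'UPGRADE'; unparsable strings are flagged."""
    result = {}
    for s in installed_versions:
        try:
            result[s] = "patched" if is_patched(s) else "UPGRADE"
        except ValueError:
            result[s] = "UNPARSABLE"
    return result


if __name__ == "__main__":
    # How the installed version string is obtained depends on the deployment
    # (for example the container image tag); the check itself only needs the string.
    sample = REPORTED_AFFECTED + ("18.6.1", "18.6.2", "18.8.0", "v18.8.1-ee", "18.9.0")
    for version, verdict in triage(sample).items():
        print(f"{version:>12}  {verdict}")
```

Note that 18.7.0 and 18.8.0 come out as UPGRADE even though they are newer than every version the page lists as affected: the patched releases are 18.7.1 and 18.8.1, so the .0 releases of those lines predate the fix.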


Sources


  • https://securityonline.info/cve-2026-1868-critical-gitlab-gateway-flaw-cvss-9-9-allows-rce/

  • https://x.com/the_yellow_fall/status/2020399242162868624

© 2025 by Explain IT Again. Powered and secured by Wix
