Denial of Service Vulnerability in GitLab by GitLab Inc.
CVE-2026-8280

6.5MEDIUM

Key Information:

Vendor: Gitlab
Status: Gitlab
Vendor: CVE Published:; 14 May 2026

What is CVE-2026-8280?

GitLab has addressed a significant vulnerability affecting its CE/EE versions that stemmed from inadequate input validation. This flaw could allow authenticated users to exploit the system by causing excessive memory consumption, potentially leading to service disruptions. It is crucial for users of the affected versions to implement the latest patches to safeguard their systems from potential denial of service attacks.

Affected Version(s)

GitLab 8.3 < 18.9.7

GitLab 18.10 < 18.10.6

GitLab 18.11 < 18.11.3

References

https://gitlab.com/gitlab-org/gitlab/-/work_items/579035

https://hackerone.com/reports/3329085

technical-descriptionexploitpermissions-required

https://about.gitlab.com/releases/2026/05/13/patch-releas...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2026
Vulnerability Reserved
May 11, 2026

Credit

Thanks [a92847865](https://hackerone.com/a92847865) for reporting this vulnerability through our HackerOne bug bounty program

CVE-2026-8280 Data

JSON

Gitlab

What is CVE-2026-8280?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit