CVE-2026-1069
📋 TL;DR
An unauthenticated attacker can cause a denial of service on a GitLab instance by sending specially crafted GraphQL requests to /api/graphql that trigger uncontrolled recursion on the server. This affects GitLab CE and EE 18.9.0 and 18.9.1; the fix is 18.9.2.
💻 Affected Systems
- GitLab Community Edition
- GitLab Enterprise Edition
⚠️ Manual Version Check
Automated scanners may not flag this CVE if their feed lacks version ranges for it, so confirm the installed version against the affected range (18.9.0 and 18.9.1) yourself.
- Review the CVE details at NVD
- Check the vendor advisory (linked below) for your specific version
- Check whether /api/graphql is reachable by unauthenticated clients in your environment; do not test the denial of service itself against production
- Update to 18.9.2 or later
⚠️ Risk & Real-World Impact
Worst Case
Complete service unavailability for all GitLab users, potentially requiring manual intervention to restore service.
Likely Case
Temporary service degradation or outages affecting Git operations, CI/CD pipelines, and web interface access.
If Mitigated
Minimal impact with proper rate limiting, WAF rules, and network segmentation in place.
🎯 Exploit Status
No authentication is needed, and the trigger is a crafted request to the GraphQL endpoint, which GitLab exposes at /api/graphql and which accepts anonymous queries for public data by default. Anyone who can reach the endpoint and knows the query shape can exploit it. This page does not reference a public proof of concept.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 18.9.2
Vendor Advisory: https://about.gitlab.com/releases/2026/03/11/patch-release-gitlab-18-9-2-released/
Restart Required: Yes
Instructions:
1. Back up your GitLab instance (gitlab-backup create on Omnibus).
2. Update to GitLab 18.9.2: upgrade the gitlab-ee or gitlab-ce package on Omnibus, or deploy the 18.9.2 image for Docker and Helm installations.
3. Restart GitLab services (the Omnibus package upgrade reconfigures and restarts for you; otherwise run gitlab-ctl restart).
4. Verify the update with gitlab-rake gitlab:env:info.
🔧 Temporary Workarounds
Rate Limit GraphQL Endpoints
Implement per-client rate limiting on /api/graphql to reduce the impact of DoS attempts. GitLab's built-in unauthenticated API rate limit (Admin Area > Settings > Network > User and IP rate limits) applies to paths under /api/ and is the lowest-risk place to start; tighter limits can be applied in the nginx reverse proxy or a WAF in front of GitLab.
# Configure in the GitLab nginx configuration or in a WAF in front of GitLab
Restrict GraphQL Access
Limit access to /api/graphql using network controls or authentication requirements. The GitLab web UI itself calls /api/graphql, so denying the path outright breaks the UI; restrict by source range rather than blocking all traffic.
# Use firewall rules or the reverse proxy to restrict /api/graphql
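The following is an added example for the two workarounds above, not configuration from GitLab or the advisory: a standalone nginx reverse proxy in front of GitLab that throttles only /api/graphql per client address and answers 429 when the limit is exceeded. The backend address 10.0.0.10:80, the hostname gitlab.example.com and the certificate paths are assumptions.

```nginx
# Added example, not GitLab's own nginx configuration. Assumed values:
# GitLab reachable at 10.0.0.10:80, served as gitlab.example.com.

# Per-client zone: 10 MB of state, 10 requests/second sustained.
limit_req_zone $binary_remote_addr zone=graphql_per_ip:10m rate=10r/s;
limit_req_status 429;

upstream gitlab_backend {
    server 10.0.0.10:80;   # assumed address of the GitLab instance
}

server {
    listen 443 ssl;
    server_name gitlab.example.com;
    ssl_certificate     /etc/nginx/tls/gitlab.crt;   # assumed paths
    ssl_certificate_key /etc/nginx/tls/gitlab.key;

    # Throttle only the GraphQL endpoint. The burst absorbs the parallel
    # GraphQL calls the GitLab web UI issues on a page load without queueing.
    location = /api/graphql {
        limit_req zone=graphql_per_ip burst=30 nodelay;
        client_max_body_size 1m;   # GraphQL documents are small text; cap oversized payloads
        proxy_pass http://gitlab_backend;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # To restrict by source instead of (or as well as) throttling, add
        # allow/deny rules here. Only do this if every legitimate browser
        # client comes from known ranges, because the web UI needs this path:
        # allow 10.0.0.0/8; deny all;
    }

    # Web UI, Git over HTTPS and the REST API pass through unthrottled.
    location / {
        proxy_pass http://gitlab_backend;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 300;
    }
}
```

Two caveats before deploying this. Per-IP limits punish NAT'd offices and CI runners that share an egress address, so raise the rate or exempt trusted ranges if GitLab's own UI starts receiving 429s. And GitLab must be told about the proxy (gitlab_rails['trusted_proxies'] on Omnibus) so that its logs and built-in rate limits see the real client address rather than the proxy's. Omnibus installations that want to keep the bundled nginx can place the limit_req_zone line in nginx['custom_nginx_config'] and a matching location block in nginx['custom_gitlab_server_config'], adapting the proxy_pass target to the bundled upstream.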
🧯 If You Can't Patch
- Implement strict rate limiting on GraphQL endpoints
- Place GitLab behind a WAF with DoS protection rules
🔍 How to Verify
Check if Vulnerable:
If the instance runs 18.9.0 or 18.9.1, it is vulnerable. Earlier release lines are not listed as affected on this page; consult the vendor advisory for your version.
Check Version:
sudo gitlab-rake gitlab:env:info | grep 'GitLab version'
On Omnibus installations the same value is in /opt/gitlab/embedded/service/gitlab-rails/VERSION; for the Docker image or Helm chart, check the deployed image tag.
Verify Fix Applied:
Confirm the reported version is 18.9.2 or later and that GraphQL queries (the web UI depends on them) still work normally.
📡 Detection & Monitoring
Log Indicators:
- High volume of GraphQL requests from single IPs (graphql_json.log)
- SystemStackError ("stack level too deep") entries in exceptions_json.log or production_json.log, the Ruby symptom of uncontrolled recursion
- Deeply nested query_string values in graphql_json.log
Network Indicators:
- Spike in requests to /api/graphql endpoint
- Abnormal response times for GraphQL queries
SIEM Query (Splunk SPL; field names and the threshold are illustrative and should be matched to your GitLab log source):
source="gitlab" uri_path="/api/graphql" | stats count BY remote_ip | where count > 1000
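As an added example for the detection section, not code from GitLab or the advisory, the script below runs the two log indicators above over GraphQL log lines: it flags any client address that floods /api/graphql within a time window and any query document nested deeper than a threshold. The log shape is assumed (newline-delimited JSON with "time", "meta.remote_ip" and "query_string" fields, roughly as GitLab's graphql_json.log is laid out); verify the field names against your own log before relying on it. The sample records are constructed, not captured traffic.

```python
"""Added example for this page's detection section, not code from GitLab or the
advisory: scan GraphQL request log lines for a flood of requests from one
client IP and for deeply nested query documents.

Assumed log shape (verify against your own graphql_json.log before relying on
it): newline-delimited JSON records with a "time" field in ISO-8601 UTC, the
client address under "meta.remote_ip" and the raw query under "query_string".
"""
import json
from collections import Counter
from datetime import datetime


def selection_depth(query: str) -> int:
    """Return the deepest nesting of selection sets in a GraphQL document.

    Braces inside string literals, block strings and comments are skipped so
    that an argument such as fullPath: "g/p{x}" does not inflate the count.
    `{ a { b } }` has depth 2. This textual depth is a cheap proxy for the
    server-side query depth and is fast enough to run over every log line.
    """
    depth = max_depth = 0
    i, n = 0, len(query)
    while i < n:
        ch = query[i]
        if query.startswith('"""', i):            # block string: skip to the closing triple quote
            end = query.find('"""', i + 3)
            i = n if end < 0 else end + 3
            continue
        if ch == '"':                             # ordinary string, honouring backslash escapes
            i += 1
            while i < n and query[i] != '"':
                i += 2 if query[i] == "\\" else 1
            i += 1
            continue
        if ch == "#":                             # comment runs to end of line
            end = query.find("\n", i)
            i = n if end < 0 else end
            continue
        if ch == "{":
            depth += 1
            max_depth = max(max_depth, depth)
        elif ch == "}":
            depth -= 1
        i += 1
    return max_depth


def scan_graphql_log(lines, *, max_depth=15, flood_threshold=100, window_seconds=60):
    """Return findings as (kind, ip, value) tuples.

    kind is "deep_query" (value = depth) for a document nested deeper than
    max_depth, or "flood" (value = request count) for an IP that sent more than
    flood_threshold requests inside one window_seconds bucket. The default of
    15 matches GitLab's documented GraphQL maximum query depth; tune both
    thresholds to what your own clients legitimately send.
    """
    findings = []
    per_window = Counter()
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        rec = json.loads(raw)
        ip = rec.get("meta.remote_ip", "unknown")
        depth = selection_depth(rec.get("query_string") or "")
        if depth > max_depth:
            findings.append(("deep_query", ip, depth))
        ts = datetime.fromisoformat(rec["time"].replace("Z", "+00:00"))
        per_window[(ip, int(ts.timestamp()) // window_seconds)] += 1
    for (ip, _bucket), count in sorted(per_window.items()):
        if count > flood_threshold:
            findings.append(("flood", ip, count))
    return findings


def nested_query(depth: int) -> str:
    """Build a document `{ a { a { ... id } } }` with the given nesting depth."""
    body = "id"
    for _ in range(depth - 1):
        body = "a { " + body + " }"
    return "{ " + body + " }"


def build_sample_log() -> list:
    """Constructed sample records (not real traffic): one benign request from an
    internal client, then 150 benign requests and one 20-level document from a
    single external address, all within the same minute."""
    def record(ip, query):
        return json.dumps({"time": "2026-03-12T10:00:05Z",
                           "meta.remote_ip": ip, "query_string": query})
    benign = 'query { project(fullPath: "g/p{x}") { name description } }'
    lines = [record("10.0.0.5", benign)]
    lines += [record("203.0.113.9", benign) for _ in range(150)]
    lines.append(record("203.0.113.9", nested_query(20)))
    return lines


if __name__ == "__main__":
    for kind, ip, value in scan_graphql_log(build_sample_log()):
        print(f"{kind:10s} {ip:15s} {value}")
```

Textual depth catches long nested selections but not every recursion vector: a document can be short and still expand enormously through fragment spreads or expensive list fields, so treat the depth check as one signal alongside the per-IP count and the SystemStackError entries in the exception log, and alert when they coincide.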