CVE-2026-1662 – An unauthenticated attacker can cause Denial of... (How to Fix)

Q: What is the severity of CVE-2026-1662?

CVE-2026-1662 has a CVSS score of 7.5 (HIGH). An unauthenticated attacker can cause Denial of Service on GitLab instances by sending specially crafted requests to the Jira events endpoint. This affects all GitLab CE/EE installations running vulnerable versions, potentially making services unavailable to legitimate users.

📋 TL;DR

An unauthenticated attacker can cause Denial of Service on GitLab instances by sending specially crafted requests to the Jira events endpoint. This affects all GitLab CE/EE installations running vulnerable versions, potentially making services unavailable to legitimate users.

💻 Affected Systems

Products:

GitLab Community Edition
GitLab Enterprise Edition

Versions: 14.4 to 18.7.4, 18.8.0 to 18.8.4, 18.9.0

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: All GitLab instances with Jira integration enabled are vulnerable. The Jira events endpoint is typically accessible if GitLab is reachable.

📦 What is this software?

Gitlab by Gitlab

GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...

Learn more about Gitlab →

Gitlab by Gitlab

GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...

Learn more about Gitlab →

Gitlab by Gitlab

GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...

Learn more about Gitlab →

Gitlab by Gitlab

GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...

Learn more about Gitlab →

Gitlab by Gitlab

GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...

Learn more about Gitlab →

Gitlab by Gitlab

GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...

Learn more about Gitlab →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service unavailability for all users, requiring manual intervention to restore functionality.

🟠

Likely Case

Temporary service degradation or intermittent outages affecting user productivity.

🟢

If Mitigated

Minimal impact with proper rate limiting, WAF rules, and network segmentation in place.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The vulnerability requires sending crafted requests but no authentication, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 18.7.5, 18.8.5, or 18.9.1

Vendor Advisory: https://about.gitlab.com/releases/2026/02/25/patch-release-gitlab-18-9-1-released/

Restart Required: Yes

Instructions:

1. Backup your GitLab instance. 2. Update to GitLab 18.7.5, 18.8.5, or 18.9.1 using your package manager. 3. Restart GitLab services. 4. Verify the update was successful.

🔧 Temporary Workarounds

Disable Jira Integration

linux

Temporarily disable Jira integration to remove the vulnerable endpoint.

gitlab-rails runner "ApplicationSetting.current.update!(jira_connect_application_key: nil)"

Implement Rate Limiting

linux

Configure rate limiting on the Jira events endpoint to mitigate DoS attempts.

Add to /etc/gitlab/gitlab.rb: nginx['custom_gitlab_server_config'] = "location /api/v4/jira_connect/ { limit_req zone=gitlab_jira burst=5 nodelay; }"

🧯 If You Can't Patch

Implement network-level controls to block or rate-limit requests to /api/v4/jira_connect/ endpoints.
Deploy a WAF with rules to detect and block malicious patterns targeting the Jira events endpoint.

🔍 How to Verify

Check if Vulnerable:

Check GitLab version with: sudo gitlab-rake gitlab:env:info | grep 'Version:'

Check Version:

sudo gitlab-rake gitlab:env:info | grep 'Version:'

Verify Fix Applied:

Confirm version is 18.7.5, 18.8.5, or 18.9.1 or higher, and test Jira integration functionality.

📡 Detection & Monitoring

Log Indicators:

High volume of requests to /api/v4/jira_connect/ in GitLab logs
Error logs showing request timeouts or resource exhaustion

Network Indicators:

Unusual spike in traffic to GitLab Jira endpoints
Multiple requests from single IPs to /api/v4/jira_connect/

SIEM Query:

source="gitlab" AND (url_path="/api/v4/jira_connect/" OR jira_connect) | stats count by src_ip

📊 Metadata

CVE ID: CVE-2026-1662

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-770

Published: February 25, 2026

Last Updated: February 28, 2026

🔗 References

https://about.gitlab.com/releases/2026/02/25/patch-release-gitlab-18-9-1-released/ Release Notes,Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/588206 Broken Link
https://hackerone.com/reports/3519694 Permissions Required

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-1662, you might also want to check these: