CVE-2026-1868

216.73.217.22

· Published 09/02/2026 07:16 · Modified 09/02/2026 16:08

Labels: CVE-2026-1868 2026-02-09 CVE-2026-1868 CWE-1336 [email protected]

Essential information

Published: 09/02/2026 07:16
Modified: 09/02/2026 16:08
Author: —
Creator: —
CVSS: 9.9 CRITICAL (v3.1)
CISA KEV: No
CWE: —
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVSS metrics

Description

GitLab has remediated a vulnerability in the Duo Workflow Service component of GitLab AI Gateway affecting all versions of the AI Gateway from 18.1.6, 18.2.6, 18.3.1 to 18.6.1, 18.7.0, and 18.8.0 in which AI Gateway was vulnerable to insecure template expansion of user supplied data via crafted Duo Agent Platform Flow definitions. This vulnerability could be used to cause Denial of Service or gain code execution on the Gateway. This has been fixed in versions 18.6.2, 18.7.1, and 18.8.1 of the GitLab AI Gateway.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
gitlab / gitlab ai gateway	`cpe:2.3:a:gitlab:gitlab_ai_gateway:18.1.6-18.6.1:::::::*`
gitlab / gitlab ai gateway	`cpe:2.3:a:gitlab:gitlab_ai_gateway:18.7.0:::::::*`
gitlab / gitlab ai gateway	`cpe:2.3:a:gitlab:gitlab_ai_gateway:18.8.0:::::::*`
gitlab / gitlab ai gateway	`cpe:2.3:a:gitlab:gitlab_ai_gateway:18.6.2:::::::*`
gitlab / gitlab ai gateway	`cpe:2.3:a:gitlab:gitlab_ai_gateway:18.7.1:::::::*`
gitlab / gitlab ai gateway	`cpe:2.3:a:gitlab:gitlab_ai_gateway:18.8.1:::::::*`