CNNVD-202602-1366 Information
CNNVD ID
CNNVD-202602-1366
Related CVE
- CNNVD Published: 2026-02-09
Description (Chinese)
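GitLab AI Gateway is an artificial intelligence service middleware from GitLab, a US company. GitLab AI Gateway versions 18.1.6, 18.2.6, 18.3.1 through 18.6.1, 18.7.0 and 18.8.0 contain a security vulnerability. It stems from insecure template expansion of user-supplied data via a specially crafted Duo Agent Platform Flow definition, and may lead to denial of service or to code execution on the gateway.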
Description (English)
GitLab AI Gateway is an artificial intelligence service middleware from GitLab, a company based in the United States. GitLab AI Gateway 18.1.6, 18.2.6, 18.3.1 to 18.6.1, 18.7.0 and 18.8.0 contain a security vulnerability that stems from unsafe template expansion of user-provided data through a crafted Duo Agent Platform Flow definition, which may lead to denial of service or to code execution on the gateway.
Vulnerability Type
Other
Affected Vendor
GitLab
Published
2026-02-09
Last Modified
2026-02-24
References
https://about.gitlab.com/releases/2026/02/06/patch-release-gitlab-ai-gateway-18-8-1-released/
https://gitlab.com/gitlab-org/modelops/applied-ml/code-suggestions/ai-assist/-/work_items/1850
https://access.redhat.com/security/cve/cve-2026-1868
Patch
https://about.gitlab.com/releases/2026/02/06/patch-release-gitlab-ai-gateway-18-8-1-released/