CNNVD-202602-2005 Information
CNNVD ID
CNNVD-202602-2005
Related CVE
- CNNVD Published: 2026-02-11
Description (Chinese)
GitLab Enterprise Edition(EE)和GitLab Community Edition(CE)都是美国GitLab公司的产品。GitLab Enterprise Edition是一套内容管理系统。GitLab Community Edition是一种社区版 GitLab 。 GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 18.6.6之前版本、18.7.4之前版本和18.8.4之前版本存在安全漏洞,该漏洞源于特定条件下未经验证的用户发送重复GraphQL查询,可能导致拒绝服务攻击。
Description (English)
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are products of the United States company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. There is a security loophole in GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) 18.6.6, 18.7.4 and 18.8.4, which stems from the sending of repeated GraphQL queries by uncertified users under certain conditions, which may lead to a denial of service attacks.
Vulnerability Type
其他
Affected Vendor
GitLab
Published
2026-02-11
Last Modified
2026-02-24
References
https://hackerone.com/reports/3240210 https://gitlab.com/gitlab-org/gitlab/-/issues/557165 https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/ https://access.redhat.com/security/cve/cve-2025-8099
Patch
https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/
Share on: