CVE-2026-1725

Exploit

EPSS 0.05%
Veröffentlicht 25.02.2026 20:04:44
Zuletzt bearbeitet 28.02.2026 01:06:15
Quelle cve@gitlab.com
CVE-Watchlists
Login
Unerledigt
Login

Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting versions from 18.9 before 18.9.1 that could have under certain conditions, allowed an unauthenticated user to cause denial of service by sending specially crafted requests to a CI jobs API endpoint.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 2 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gitlab ≫ GitLab Version18.9.0 SwEditioncommunity

Gitlab ≫ GitLab Version18.9.0 SwEditionenterprise

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.161

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cve@gitlab.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://about.gitlab.com/releases/2026/02/25/patch-release-gitlab-18-9-1-released/

Vendor Advisory

Release Notes

https://gitlab.com/gitlab-org/gitlab/-/issues/588338

Broken Link

https://hackerone.com/reports/3519773

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2026-1725

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-1725

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-1725

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-1725