PatchSiren cyber security CVE debrief
CVE-2026-1500 GitLab CVE debrief
CVE-2026-1500 is a medium-severity vulnerability affecting GitLab CE/EE versions from 17.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2. An authenticated user could cause denial of service through uncontrolled resource consumption when GitLab processes a specially crafted file upload. The CVSS score for this vulnerability is 6.5.
- Vendor: GitLab
- Product: Unknown
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-11
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-11
- Advisory updated: 2026-06-11
Who should care
Users of GitLab CE/EE versions from 17.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability is caused by uncontrolled resource consumption when processing a specially crafted file upload. This could allow an authenticated user to cause denial of service.
Defensive priority
Medium
Recommended defensive actions
- Update to a patched version of GitLab CE/EE (18.10.8, 18.11.5, 19.0.2, or later)
- Restrict file uploads to trusted users and validate file types
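To decide which instances need the update, the affected ranges listed above can be checked against an inventory of installed versions. The following is an added example, not code from GitLab or from the advisory; the function names, the hostnames and the version-string formats it accepts (an optional leading "v" and a suffix such as "-ee") are assumptions.

```python
import re

# Affected ranges as stated in this debrief: (first affected, first fixed).
AFFECTED_RANGES = [
    ((17, 10, 0), (18, 10, 8)),
    ((18, 11, 0), (18, 11, 5)),
    ((19, 0, 0), (19, 0, 2)),
]

# Assumed input formats: '18.10.7', 'v18.10.7-ee', '18.10.7-ce.0', '18.11'.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_gitlab_version(text):
    """Return (major, minor, patch); a missing patch component counts as 0."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    major, minor, patch = match.groups()
    return int(major), int(minor), int(patch or 0)


def check_cve_2026_1500(version_text):
    """Return (affected, fixed_version); fixed_version is None when not affected."""
    version = parse_gitlab_version(version_text)
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= version < first_fixed:
            return True, ".".join(map(str, first_fixed))
    return False, None


def triage(inventory):
    """Map each host to the minimum fixed version it needs, or None if unaffected."""
    report = {}
    for host, version_text in inventory.items():
        affected, fixed = check_cve_2026_1500(version_text)
        report[host] = fixed if affected else None
    return report


if __name__ == "__main__":
    # Constructed inventory: hostnames and versions are made up for illustration.
    sample = {"git-a.example": "18.10.7-ee", "git-b.example": "19.0.2",
              "git-c.example": "v18.11.4-ce.0", "git-d.example": "17.9.8"}
    for host, fixed in triage(sample).items():
        print(host, "upgrade to >= " + fixed if fixed else "not in affected range")
```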
Evidence notes
Evidence for this CVE comes from the NVD and GitLab's official releases.
Official resources
CVE-2026-1500 was published on 2026-06-11T12:16:31.073Z and modified on 2026-06-11T15:22:48.573Z.