PatchSiren cyber security CVE debrief
CVE-2026-7250 GitLab CVE debrief
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an unauthenticated user to cause denial of service due to improper input validation in the API request parsing middleware.
- Vendor: GitLab
- Product: Unknown
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-11
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-11
- Advisory updated: 2026-06-11
Who should care
Users of GitLab CE/EE versions from 12.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2
Technical summary
The vulnerability is caused by improper input validation in the API request parsing middleware, which could allow an unauthenticated user to cause denial of service. The CVSS score is 7.5 (High).
Defensive priority
High
Recommended defensive actions
- Update to version 18.10.8, 18.11.5, or 19.0.2 or later
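To apply this across a fleet, the following added example (not GitLab or PatchSiren code) checks version strings against the affected ranges stated above and reports the fixed release that closes each range. The host names and inventory values are constructed, and the function names are hypothetical.

```python
import re

# Affected ranges from the advisory: (first affected, first fixed) per release line.
AFFECTED_RANGES = [
    ((12, 10, 0), (18, 10, 8)),
    ((18, 11, 0), (18, 11, 5)),
    ((19, 0, 0), (19, 0, 2)),
]
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(raw):
    """Turn '18.10.7', 'v18.11.4-ee' or '19.0' into a (major, minor, patch) tuple."""
    match = _VERSION_RE.match(raw.strip())
    if match is None:
        raise ValueError(f"unrecognised GitLab version: {raw!r}")
    major, minor, patch = match.groups()
    return int(major), int(minor), int(patch or 0)


def first_fixed(raw):
    """Return the fixed release closing the range `raw` falls in, or None if outside all ranges."""
    version = parse_version(raw)
    for low, high in AFFECTED_RANGES:
        if low <= version < high:
            return ".".join(str(part) for part in high)
    return None


def triage(inventory):
    """Map each host to an upgrade target, 'outside affected ranges' or 'manual review'."""
    report = {}
    for host, raw in inventory.items():
        try:
            fixed = first_fixed(raw)
        except ValueError:
            report[host] = "manual review"  # never treat an unreadable version as safe
            continue
        report[host] = f"upgrade to {fixed} or later" if fixed else "outside affected ranges"
    return report


# Constructed inventory: hypothetical hosts and version strings.
SAMPLE_INVENTORY = {"git-prod": "18.10.7-ee", "git-stage": "18.11.5",
                    "git-lab2": "v19.0.1", "git-old": "12.9.10", "git-dev": "unknown"}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts whose version cannot be parsed are flagged for manual review rather than assumed safe.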
Evidence notes
The vulnerability was remediated by GitLab and affects versions 12.10 to 18.10.7, 18.11 to 18.11.4, and 19.0 to 19.0.1.
Official resources
- CVE-2026-7250 CVE record: CVE.org
- CVE-2026-7250 NVD detail: NVD
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Release Notes
- Source reference: [email protected] - Issue Tracking
- Source reference: [email protected] - Permissions Required
CVE-2026-7250 was published on 2026-06-11T12:16:32.587Z and modified on 2026-06-11T17:34:02.157Z.