{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1092", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2026-01-16T21:04:09.219Z", "datePublished": "2026-04-08T22:26:12.837Z", "dateUpdated": "2026-04-09T15:09:51.969Z"}, "containers": {"cna": {"title": "Improper Validation of Specified Quantity in Input in GitLab", "descriptions": [{"lang": "en", "value": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service due to improper input validation of JSON payloads."}], "affected": [{"vendor": "GitLab", "product": "GitLab", "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "versions": [{"version": "12.10", "status": "affected", "lessThan": "18.8.9", "versionType": "semver"}, {"version": "18.9", "status": "affected", "lessThan": "18.9.5", "versionType": "semver"}, {"version": "18.10", "status": "affected", "lessThan": "18.10.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-1284: Improper Validation of Specified Quantity in Input", "cweId": "CWE-1284", "type": "CWE"}]}], "references": [{"url": "https://hackerone.com/reports/3487030", "name": "HackerOne Bug Bounty Report #3487030", "tags": ["technical-description", "exploit", "permissions-required"]}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/586479"}, {"url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "solutions": [{"lang": "en", "value": "Upgrade to versions 18.8.9, 18.9.5, 18.10.3 or above."}], "credits": [{"lang": "en", "value": "Thanks [a92847865](https://hackerone.com/a92847865) for reporting this vulnerability through our HackerOne bug bounty program", "type": "finder"}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2026-04-08T22:26:12.837Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-09T15:09:43.259973Z", "id": "CVE-2026-1092", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-09T15:09:51.969Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1092", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-09T15:09:43.259973Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-09T15:09:47.911Z"}}], "cna": {"title": "Improper Validation of Specified Quantity in Input in GitLab", "credits": [{"lang": "en", "type": "finder", "value": "Thanks [a92847865](https://hackerone.com/a92847865) for reporting this vulnerability through our HackerOne bug bounty program"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "vendor": "GitLab", "product": "GitLab", "versions": [{"status": "affected", "version": "12.10", "lessThan": "18.8.9", "versionType": "semver"}, {"status": "affected", "version": "18.9", "lessThan": "18.9.5", "versionType": "semver"}, {"status": "affected", "version": "18.10", "lessThan": "18.10.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to versions 18.8.9, 18.9.5, 18.10.3 or above."}], "references": [{"url": "https://hackerone.com/reports/3487030", "name": "HackerOne Bug Bounty Report #3487030", "tags": ["technical-description", "exploit", "permissions-required"]}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/586479"}, {"url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/"}], "descriptions": [{"lang": "en", "value": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service due to improper input validation of JSON payloads."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1284", "description": "CWE-1284: Improper Validation of Specified Quantity in Input"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2026-04-08T22:26:12.837Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1092", "state": "PUBLISHED", "dateUpdated": "2026-04-09T15:09:51.969Z", "dateReserved": "2026-01-16T21:04:09.219Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2026-04-08T22:26:12.837Z", "assignerShortName": "GitLab"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service due to improper input validation of JSON payloads."}], "id": "CVE-2026-1092", "lastModified": "2026-04-08T23:16:57.510", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "cve@gitlab.com", "type": "Secondary"}]}, "published": "2026-04-08T23:16:57.510", "references": [{"source": "cve@gitlab.com", "url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/"}, {"source": "cve@gitlab.com", "url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/586479"}, {"source": "cve@gitlab.com", "url": "https://hackerone.com/reports/3487030"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1284"}], "source": "cve@gitlab.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[12.10,18.8.9)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[18.9,18.9.5)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[18.10,18.10.3)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "GitLab", "source": "cna", "vendor": "GitLab"}, "product": "gitlab", "vendor": "gitlab"}], "analysis": {"en": {"generated_at": "2026-04-08T23:21:40.356175+00:00", "value": {"mitigation_remediation": ["Upgrade GitLab to version 18.8.9, 18.9.5, 18.10.3 or newer.", "If an immediate upgrade is not possible, limit unauthenticated access to GitLab\u2019s API endpoints or apply rate\u2011limiting to reduce potential abuse.", "Monitor system logs for repeated malformed JSON requests and investigate suspected denial\u2011of\u2011service attempts."], "summary": {"action": "Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "All GitLab Community Edition and Enterprise Edition installations from version 12.10 up to, but not including, 18.8.9, 18.9 up to, but not including, 18.9.5, and 18.10 up to, but not including, 18.10.3 are impacted. Newer releases (18.8.9, 18.9.5, 18.10.3 and above) have the fix applied.", "description_and_impact": "An unauthenticated user can trigger a denial of service on GitLab by sending a specially crafted JSON payload that bypasses input validation. The flaw stems from improper handling of the specified quantity field in the payload, allowing the server to crash or exhaust resources. The vulnerability is classified under CWE-1284 and could lead to loss of availability for the affected instance.", "risk_and_exploitability": "The CVSS score of 7.5 indicates a high severity. The metadata does not contain an EPSS value, so the precise exploitation probability is unknown, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector, inferred from the description, is that an attacker can supply arbitrary JSON data over an unauthenticated HTTP request to the vulnerable endpoint. No special privileges are required, and the impact is limited to denial of service rather than data compromise. Organizations running vulnerable GitLab instances should consider patching promptly."}}}}, "created": "2026-04-09T08:16:08.452532+00:00", "updated": "2026-04-09T08:25:34.470164+00:00", "vendors": ["gitlab", "gitlab$PRODUCT$gitlab"]}