CVE-2026-1456

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-1456
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1456.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-1456
Aliases
Downstream
Related
Published
2026-02-11T11:04:15.246Z
Modified
2026-02-16T18:13:48.770464Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Allocation of Resources Without Limits or Throttling in GitLab
Details

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through CPU exhaustion by submitting specially crafted markdown files that trigger exponential processing in markdown preview.

Database specific 
{
    "cwe_ids": [
        "CWE-770"
    ],
    "cna_assigner": "GitLab",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/1xxx/CVE-2026-1456.json"
}
References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
ceaa3c8b3a5ddb810b246bff3029e68cc57caf94
Fixed
4597d837d39a31d0978b23cbf4b4dd9a496ae536
Database specific 
{
    "versions": [
        {
            "introduced": "18.7"
        },
        {
            "fixed": "18.7.4"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
1010a9b2b769993080ce8399fd25e77c54e1ad1c
Fixed
24b860ec8f94cded541e088aeff15552b46af805
Database specific 
{
    "versions": [
        {
            "introduced": "18.8"
        },
        {
            "fixed": "18.8.4"
        }
    ]
}

Affected versions

v18.*
v18.7.0-ee
v18.7.1-ee
v18.7.2-ee
v18.7.3-ee
v18.8.0-ee
v18.8.1-ee
v18.8.2-ee
v18.8.3-ee

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1456.json"