CVE-2026-7250 | GitLab has remediated an issue in GitLab CE/EE affecting all… | CVSS 7.5 HIGH

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an unauthenticated user to cause denial of service due to improper input validation in the API request parsing middleware.

Metadata

CVE ID: CVE-2026-7250
State: PUBLISHED
Assigner: GitLab
Reserved: 2026-04-27 18:33 UTC
Published: 2026-06-11 10:20 UTC
Last updated: 2026-06-11 12:27 UTC
Primary CWE: CWE-770
CWE-770: Allocation of Resources Without Limits or Throttlin…
Vendor / Product: GitLab / GitLab
Sources: cve.org · NVD

Severity & Metrics

7.5 HIGH CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
GitLab	GitLab	—	12.10 < 18.10.8, 18.11 < 18.11.5, 19.0 < 19.0.2

Weakness (CWE)

CWE	Source	Description
CWE-770	cna	CWE-770: Allocation of Resources Without Limits or Throttling

CVSS scores (1)

Score	Severity	Version	Source	Vector
7.5	HIGH	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (3)

https://gitlab.com/gitlab-org/gitlab/-/work_items/598311
HackerOne Bug Bounty Report #3671995 https://hackerone.com/reports/3671995
https://about.gitlab.com/releases/2026/06/10/patch-release-gitlab-19-0-2-released/