Vulnerability in GitLab AI Gateway

CVE-2026-1868

GitLab has remediated a vulnerability in the Duo Workflow Service component of GitLab AI Gateway affecting all versions of the AI Gateway from 18.1.6, 18.2.6, 18.3.1 to 18.6.1, 18.7.0, and 18.8.0 in which AI Gateway was vulnerable to insec…

EPSS: 0.005 (38.8th percentile).

CVSS v3 metric

CVSS v3 base score 9.9 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.

Frequently asked questions

What is CVE-2026-1868?
CVE-2026-1868 is a critical-severity vulnerability in GitLab AI Gateway, classified under Improper Neutralization of Special Elements Used in a Template Engine. CVSS score: 9.9/10. Published 2026-02-09.
How severe is CVE-2026-1868?
Critical severity. CVSS v3 base score is 9.9 out of 10.