Vulnerability in GitLab AI Gateway
CVE-2026-1868
GitLab has remediated a vulnerability in the Duo Workflow Service component of GitLab AI Gateway affecting all versions of the AI Gateway from 18.1.6, 18.2.6, 18.3.1 to 18.6.1, 18.7.0, and 18.8.0 in which AI Gateway was vulnerable to insec…
EPSS: 0.005 (38.8th percentile).
CVSS v3 metric
CVSS v3 base score 9.9 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.
Affected products
- GitLab AI Gateway — versions 18.1.6, 18.7.0, 18.8.0
Frequently asked questions
- What is CVE-2026-1868?
- CVE-2026-1868 is a critical-severity vulnerability in GitLab AI Gateway, classified under Improper Neutralization of Special Elements Used in a Template Engine. CVSS score: 9.9/10. Published 2026-02-09.
- How severe is CVE-2026-1868?
- Critical severity. CVSS v3 base score is 9.9 out of 10.