CVE-2026-1456 — Vulnetix

CVE-2026-1456 PUBLISHED

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through CPU exhaustion by submitting specially crafted markdown files that trigger exponential processing in markdown preview.

EPSS 0.04% · 11.8th percentile

Risk Scores

EPSS Score

0.04%

11.8th percentile

Affected Products

Vendor	Product	Versions
Bitnami	gitlab	18.7.0, 18.8.0
Bitnami	gitlab	18.7.0, 18.8.0

Timeline

Feb 11, 2026 CVE Published
Feb 11, 2026 EPSS Score
Feb 13, 2026 EPSS Score
Feb 15, 2026 EPSS Score
Feb 17, 2026 EPSS Score
Feb 19, 2026 EPSS Score
Feb 21, 2026 EPSS Score
Feb 23, 2026 EPSS Score
Feb 25, 2026 EPSS Score
Feb 27, 2026 EPSS Score
Mar 1, 2026 EPSS Score
Mar 3, 2026 EPSS Score

References

https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/ url
https://gitlab.com/gitlab-org/gitlab/-/issues/587688 url
https://hackerone.com/reports/3517928 url
https://nvd.nist.gov/vuln/detail/CVE-2026-1456 url

Open in Interactive Console →