GitLab product security update advisory
Overview
GitLab has released security updates to fix vulnerabilities in its products. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2025-14511
GitLab CE/EE versions: 12.2 and above but below 18.7.5
GitLab CE/EE versions: 18.8 and above but below 18.8.5
GitLab CE/EE versions: 18.9 and above but below 18.9.1
CVE-2025-9222
GitLab CE/EE versions: 18.2.2 and above but below 18.5.5
GitLab CE/EE versions: 18.6 and above but below 18.6.3
GitLab CE/EE versions: 18.7 and above but below 18.7.1
CVE-2026-0752
GitLab CE/EE versions: 16.2 and above but below 18.7.5
GitLab CE/EE versions: 18.8 and above but below 18.8.5
GitLab CE/EE versions: 18.9 and above but below 18.9.1
CVE-2026-1388
GitLab CE/EE versions: 9.2 and above but below 18.7.5
GitLab CE/EE versions: 18.8 and above but below 18.8.5
GitLab CE/EE versions: 18.9 and above but below 18.9.1
CVE-2026-1662
GitLab CE/EE versions: 14.4 and above but below 18.7.5
GitLab CE/EE versions: 18.8 and above but below 18.8.5
GitLab CE/EE versions: 18.9 and above but below 18.9.1
Resolved Vulnerabilities
Denial of Service vulnerability in the Container Registry in GitLab CE/EE (CVE-2025-14511)
Stored cross-site scripting vulnerability in the GitLab Flavored Markdown placeholder in GitLab CE/EE (CVE-2025-9222)
Cross-site scripting vulnerability in the Mermaid sandbox in GitLab CE/EE (CVE-2026-0752)
Regular Expression Denial of Service vulnerability in the GitLab Merge Request feature in GitLab CE/EE (CVE-2026-1388)
Denial of Service vulnerability in the Jira events endpoint in GitLab CE/EE (CVE-2026-1662)
Vulnerability Patches
Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the referenced sites to update to the patched version listed below for each CVE.
CVE-2025-14511
GitLab CE/EE version: 18.7.5
GitLab CE/EE version: 18.8.5
GitLab CE/EE version: 18.9.1
CVE-2025-9222
GitLab CE/EE version: 18.5.5
GitLab CE/EE version: 18.6.3
GitLab CE/EE version: 18.7.1
CVE-2026-0752
GitLab CE/EE version: 18.7.5
GitLab CE/EE version: 18.8.5
GitLab CE/EE version: 18.9.1
CVE-2026-1388
GitLab CE/EE version: 18.7.5
GitLab CE/EE version: 18.8.5
GitLab CE/EE version: 18.9.1
CVE-2026-1662
GitLab CE/EE version: 18.7.5
GitLab CE/EE version: 18.8.5
GitLab CE/EE version: 18.9.1
References
[1] GitLab Patch Release: 18.9.1, 18.8.5, 18.7.5
https://about.gitlab.com/releases/2026/02/25/patch-release-gitlab-18-9-1-released/
[2] GitLab Patch Release: 18.7.1, 18.6.3, 18.5.5
https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/