Description

GitLab has remediated a vulnerability in the Duo Workflow Service component of GitLab AI Gateway affecting all versions of the AI Gateway from 18.1.6, 18.2.6, 18.3.1 to 18.6.1, 18.7.0, and 18.8.0 in which AI Gateway was vulnerable to insecure template expansion of user supplied data via crafted Duo Agent Platform Flow definitions. This vulnerability could be used to cause Denial of Service or gain code execution on the Gateway. This has been fixed in versions 18.6.2, 18.7.1, and 18.8.1 of the GitLab AI Gateway.

INFO

Published Date :

2026-02-09T06:33:11.812Z

Last Modified :

2026-02-09T15:46:45.991Z

Source :

GitLab
AFFECTED PRODUCTS

The following products are affected by CVE-2026-1868 vulnerability.

Vendors Products
Gitlab
  • Ai-gateway
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-1868.

URL Resource
https://about.gitlab.com/releases/2026/02/06/patch-release-gitlab-ai-gateway-18-8-1-released/ cve-icon cve-icon
https://gitlab.com/gitlab-org/modelops/applied-ml/code-suggestions/ai-assist/-/work_items/1850 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact