CVE-2026-1868
Published: 2026-02-09
Priority: P2 · 61 · Critical · CVSS 3.1 base score 9.9
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.50% (38.8th percentile)
GitLab has remediated a vulnerability in the Duo Workflow Service component of GitLab AI Gateway affecting all versions of the AI Gateway from 18.1.6, 18.2.6, 18.3.1 to 18.6.1, 18.7.0, and 18.8.0 in which AI Gateway was vulnerable to insecure template expansion of user-supplied data via crafted Duo Agent Platform Flow definitions. This vulnerability could be used to cause Denial of Service or gain code execution on the Gateway. This has been fixed in versions 18.6.2, 18.7.1, and 18.8.1 of the GitLab AI Gateway.
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gitlab | gitlab | — | — |
| gitlab | gitlab_ai_gateway | >= 18.1.6 < 18.6.2 | 18.6.2 |
| gitlab | gitlab_ai_gateway | >= 18.7.0 < 18.7.1 | 18.7.1 |
| gitlab | gitlab_ai_gateway | >= 18.8.0 < 18.8.1 | 18.8.1 |
Detection & IOCs (extracted from sources)
- The vulnerability is triggered via crafted Duo Agent Platform Flow definitions submitted as user-supplied data to the Duo Workflow Service component of GitLab AI Gateway: monitor for anomalous or malformed Flow definition payloads submitted to the AI Gateway endpoint.
- The target component is the Duo Workflow Service within GitLab AI Gateway: focus detection on requests and inputs processed by this service, looking for template injection patterns (e.g., template syntax such as `{{ }}`, `{% %}`, or similar).
- Exploitation outcomes include Denial of Service or remote code execution on the Gateway host: alert on unexpected process spawning or crashes originating from the AI Gateway process.
Sources
- GitLab (vendor_gitlab · 2026-02-09 · CVSS 9.9): CVE-2026-1868 [CRITICAL] CWE-1336. Description as above.
- GHSA (ghsa_unreviewed · 2026-02-09): GHSA-jfr3-cr47-9vqq, CVE-2026-1868 [CRITICAL] CWE-1336. Description as above.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.