Tuesday , July 14 2026
Gitlab

GitLab Releases Critical Patches for High-Severity Vulnerabilities

GitLab has released a new patch to fix security vulnerabilities and stability issues in versions 18.8.2, 18.7.2, and 18.6.4 for both Community and Enterprise Editions. These updates are ready for self-managed installations and include crucial bug fixes and security improvements. Administrators should upgrade as soon as possible.

The GitLab patch release is for Community and Enterprise Editions with affected versions. GitLab.com is already updated, and GitLab Dedicated users don’t need to do anything. However, self-managed instances should upgrade to reduce vulnerabilities.

Meta’s louisiana data center to exceed 250 billion price tag

Meta announced on Monday that its data center in Richland Parish, Louisiana, will grow to 5 gigawatts of computing power....
Read More
Meta’s louisiana data center to exceed 250 billion price tag

Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Global ransomware attacks stayed very high in the first seven months of 2026. There were 5,064 confirmed victims in 135...
Read More
Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Palo Alto Networks Addresses 13 Vulnerabilities

Palo Alto Networks shared warnings on Wednesday about over twelve security issues in its products. The new warnings include 13 security...
Read More
Palo Alto Networks Addresses 13 Vulnerabilities

Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

A critical flaw with how Dell saves BIOS passwords lets anyone quickly recover these passwords from a flash dump without...
Read More
Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

CoLoCity is proud to launch a new Data Center in Gulshan-2. It is designed to meet the growing demand for...
Read More
CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

Daily Cyber security update for 10. 07. 2026

Cyberattacks are rising around the world, including ransomware, malware, data leaks, and hacked websites. These events show how complex and...
Read More
Daily Cyber security update for 10. 07. 2026

How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

A major AWS attack shows how attackers with AI can connect known cloud strategies to go from first access to...
Read More
How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

Mycelium Framework: First AI-as-a-Service Botnet

A new cybercrime ad is catching attention in the security world. It talks about a botnet that doesn't just get...
Read More
Mycelium Framework: First AI-as-a-Service Botnet

CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

CrowdStrike has shared five new ways to inject prompts, showing the rising danger to AI agents as more organizations use...
Read More
CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

A critical flaw in Google Cloud Platform’s Dialogflow CX lets attackers add harmful code to a company's AI chatbot system....
Read More
Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

Overview of the Latest GitLab Patch Release:

This GitLab patch release fixes various security issues in both the Community and Enterprise Editions, including several high-severity vulnerabilities.

A serious issue, CVE-2025-13927, is a denial of service vulnerability in Jira Connect integration. GitLab stated that an unauthenticated attacker could cause a denial of service by sending specially crafted requests with bad authentication data. This affects all GitLab CE/EE versions from 11.9 up to, but not including, versions 18.6.4, 18.7.2, and 18.8.2. The vulnerability has a CVSS score of 7.5. GitLab acknowledged a92847865 for reporting it via their HackerOne bug bounty program.

CVE-2025-13928 is a serious issue affecting the Releases API. It allows unauthenticated users to cause a denial of service due to poor authorization validation. This vulnerability impacts GitLab Community and Enterprise Editions from version 17.7 before patches and has a CVSS score of 7.5. The same researcher reported it.

GitLab fixed CVE-2026-0723, a vulnerability in authentication services that could let attackers bypass two-factor authentication using a victim’s credential ID. It affects versions from 18.6 before the patch and has a CVSS score of 7.4. The issue was reported by ahacker1 on HackerOne.

Medium-severity issues include CVE-2025-13335, an infinite loop flaw in Wiki redirects that can lead to a denial of service by allowing authenticated users to create corrupted Wiki documents. This affects versions from 17.1 onward and has a CVSS score of 6.5. GitLab also resolved CVE-2026-1102, a denial-of-service vulnerability in an API endpoint caused by repeated bad SSH authentication requests, affecting versions from 12.3 onward with a CVSS score of 5.3. This vulnerability was found internally by team member Thiago Figueiró.

Bug Fixes and Upgrade Considerations for Self-Managed Users :

The GitLab patch release not only fixes vulnerabilities but also resolves numerous bugs in versions 18.8.2, 18.7.2, and 18.6.4. Key fixes include issues with merge request reviewer crashes, dropdown race conditions, container repository indexing, Git LFS throttling, accessibility issues, and Git push errors in self-managed setups. Improvements were also made for CI jobs, Sidekiq worker behavior, migration health checks, and AI catalog workflows.

GitLab warns that the patch release has database migrations that could affect the upgrade process. Single-node setups will face downtime during the upgrade as migrations need to complete before a restart. In contrast, multi-node setups can avoid downtime by using zero-downtime upgrade methods. Version 18.7.2 allows post-deploy migrations to run after the main upgrade.

GitLab advises all users of Community and Enterprise Edition to upgrade to the latest patch release promptly to minimize vulnerabilities and ensure stability.

Check Also

Wazuh

Critical Wazuh Vuln Enables Alert Tampering and Evidence Deletion

A critical security flaw has affected the open-source security community. Recently, complete details and working …