GitLab AI Gateway Critical Patch Release: 18.6.2, 18.7.1, and 18.8.1
On February 6, 2026, we released versions 18.6.2, 18.7.1, and 18.8.1 of the GitLab AI Gateway. These versions contain a critical security fix for GitLab Duo Self-Hosted AI Gateway, and we strongly recommend that all Self Managed customers with GitLab Duo Self-Hosted installations update to one of these versions immediately. A fix has already been deployed for the GitLab-hosted AI Gateway. Customers using GitLab.com, GitLab Dedicated, and GitLab Self Managed instances with GitLab-hosted AI Gateway are protected and do not need to take action. Recommended Action We strongly recommend that all GitLab Duo Self-Hosted installations running a version of self-hosted AI Gateway affected by the issue described below are upgraded to the latest version as soon as possible. Security fixes Table of security fixes Title Severity Insecure Template expansion issue impacts GitLab AI Gateway Critical CVE-2026-1868 - Insecure Template expansion issue impacts GitLab AI Gateway The Duo Workflow Service component of GitLab AI Gateway before versions 18.6.2, 18.7.1, and 18.8.1 is vulnerable to insecure template expansion of user supplied data via crafted Duo Agent Platform Flow definitions. Authenticated access to the GitLab instance is required. This vulnerability could be used to cause Denial of Service or gain code execution on the Gateway. Impacted Versions: GitLab AI Gateway: all versions from 18.1.6, 18.2.6, and 18.3.1 before 18.6.2, 18.7.1, and 18.8.1 CVSS 9.9 ( CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H ) This vulnerability was discovered internally by GitLab team member Joern Schneeweisz . Updating To update GitLab Duo Self-Hosted, see the GitLab Duo Self-Hosted install documentation . Receive Patch Notifications To receive patch blog notifications delivered to your inbox, visit our contact us page. To receive release notifications via RSS, subscribe to our patch release RSS feed or our RSS feed for all releases .
CSIRTS triage
- What
- A critical security fix is included for the GitLab Duo Self-Hosted AI Gateway.
- Who is affected
- Self-managed customers with GitLab Duo Self-Hosted installations.
- Urgency
- Remediation is critical due to the nature of the security fix.
- Action
- Upgrade to one of the latest versions immediately.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch GitLab AI Gateway
Get an email when a new GitLab AI Gateway advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://docs.gitlab.com/releases/other-patches/patch-release-gitlab-ai-gateway-18-8-1-released/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-18680.50% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 39% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-1868 | coverage & exploitation status | NVD · CVE.org |
More from GitLab Security Releases
- criticalGitLab Patch Release: 19.1.2, 19.0.4, 18.11.72026-07-08
- unknownGitLab Patch Release: 18.8.112026-07-01
- unknownGitLab patch release notes2026-07-01
- criticalGitLab Patch Release: 19.1.1, 19.0.3, 18.11.62026-06-24
- criticalGitLab Patch Release: 19.0.2, 18.11.5, 18.10.82026-06-10