CVE-2026-1868
On February 6, 2026, we released versions 18.6.2, 18.7.1, and 18.8.1 of the GitLab AI Gateway. These versions contain a critical security fix for GitLab Duo Self-Hosted AI Gateway, and we strongly recommend that all Self Managed customers with GitLab Duo Self-Hosted installations update to one of these versions immediately. A fix has already been deployed for the GitLab-hosted AI Gateway. Customers using GitLab.com, GitLab Dedicated, and GitLab Self Managed instances with GitLab-hosted AI Gateway are protected and do not need to take action. Recommended Action We strongly recommend that all GitLab Duo Self-Hosted installations running a version of self-hosted AI Gateway affected by the issue described below are upgraded to the latest version as soon as possible. Security fixes Table of security fixes Title Severity Insecure Template expansion issue impacts GitLab AI Gateway Critical CVE-2026-1868 - Insecure Template expansion issue impacts GitLab AI Gateway The Duo Workflow Service component of GitLab AI Gateway before versions 18.6.2, 18.7.1, and 18.8.1 is vulnerable to insecure template expansion of user supplied data via crafted Duo Agent Platform Flow definitions. Authenticated access to the GitLab instance is required. This vulnerability could be used to cause Denial of Service or gain code execution on the Gateway. Impacted Versions: GitLab AI Gateway: all versions from 18.1.6, 18.2.6, and 18.3.1 before 18.6.2, 18.7.1, and 18.8.1 CVSS 9.9 ( CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H ) This vulnerability was discovered internally by GitLab team member Joern Schneeweisz . Updating To update GitLab Duo Self-Hosted, see the GitLab Duo Self-Hosted install documentation . Receive Patch Notifications To receive patch blog notifications delivered to your inbox, visit our contact us page. To receive release notifications via RSS, subscribe to our patch release RSS feed or our RSS feed for all releases .
CSIRTS triage
- What
- A critical security fix is included for the GitLab Duo Self-Hosted AI Gateway.
- Who is affected
- Self-managed customers with GitLab Duo Self-Hosted installations.
- Urgency
- Remediation is critical due to the nature of the security fix.
- Action
- Upgrade to one of the latest versions immediately.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch CVE-2026-1868
Get an email if CVE-2026-1868 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.
Exploitation outlook
- Low exploitation risk0.50% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 39% of all EPSS-scored CVEs.
Advisory coverage (1)
- criticalGitLab AI Gateway Critical Patch Release: 18.6.2, 18.7.1, and 18.8.1gitlab · 2026-02-06
External references
Embed the live status
— this badge updates automatically when the KEV or exploit status changes. How to embed it →
[](https://www.csirts.com/cve/CVE-2026-1868)