CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-1868

criticalcovered by 1 sourcefirst seen 2026-02-06
On February 6, 2026, we released versions 18.6.2, 18.7.1, and 18.8.1 of the GitLab AI Gateway. These versions contain a critical security fix for GitLab Duo Self-Hosted AI Gateway, and we strongly recommend that all Self Managed customers with GitLab Duo Self-Hosted installations update to one of these versions immediately. A fix has already been deployed for the GitLab-hosted AI Gateway. Customers using GitLab.com, GitLab Dedicated, and GitLab Self Managed instances with GitLab-hosted AI Gateway are protected and do not need to take action. Recommended Action We strongly recommend that all GitLab Duo Self-Hosted installations running a version of self-hosted AI Gateway affected by the issue described below are upgraded to the latest version as soon as possible. Security fixes Table of security fixes Title Severity Insecure Template expansion issue impacts GitLab AI Gateway Critical CVE-2026-1868 - Insecure Template expansion issue impacts GitLab AI Gateway The Duo Workflow Service component of GitLab AI Gateway before versions 18.6.2, 18.7.1, and 18.8.1 is vulnerable to insecure template expansion of user supplied data via crafted Duo Agent Platform Flow definitions. Authenticated access to the GitLab instance is required. This vulnerability could be used to cause Denial of Service or gain code execution on the Gateway. Impacted Versions: GitLab AI Gateway: all versions from 18.1.6, 18.2.6, and 18.3.1 before 18.6.2, 18.7.1, and 18.8.1 CVSS 9.9 ( CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H ) This vulnerability was discovered internally by GitLab team member Joern Schneeweisz . Updating To update GitLab Duo Self-Hosted, see the GitLab Duo Self-Hosted install documentation . Receive Patch Notifications To receive patch blog notifications delivered to your inbox, visit our contact us page. To receive release notifications via RSS, subscribe to our patch release RSS feed or our RSS feed for all releases .

CSIRTS triage

What
A critical security fix is included for the GitLab Duo Self-Hosted AI Gateway.
Who is affected
Self-managed customers with GitLab Duo Self-Hosted installations.
Urgency
Remediation is critical due to the nature of the security fix.
Action
Upgrade to one of the latest versions immediately.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-1868

Get an email if CVE-2026-1868 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-1868

CVE.org record

Embed the live status

CVE-2026-1868 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-1868 status](https://www.csirts.com/badge/CVE-2026-1868)](https://www.csirts.com/cve/CVE-2026-1868)