GitLab urges users to update after patching high-risk flaws affecting repositories and services

Screenshot of a GitLab security advisory table listing multiple vulnerabilities affecting GitLab CE and EE.

GitLab has released urgent patch updates for its Community and Enterprise editions, addressing multiple high-severity vulnerabilities including an 8.0-rated Web IDE flaw that could allow token theft and unauthorized access to private repositories.

Praneeta, Published 02/11/2026

Security Software

GitLab has released new patch updates addressing multiple high-severity security vulnerabilities affecting its Community Edition (CE) and Enterprise Edition (EE) platforms. The updates arrive as versions 18.8.4, 18.7.4 and 18.6.6, with the company strongly recommending that all self-managed installations upgrade immediately. GitLab is already running the patched builds, while GitLab Dedicated customers do not need to take any action.

Among the most critical issues resolved is CVE-2025-7659, a high-severity flaw (CVSS 8.0) involving incomplete validation in GitLab’s Web IDE. According to GitLab, the vulnerability could have allowed unauthenticated attackers to steal access tokens and potentially gain entry to private repositories. Several denial-of-service vulnerabilities were also addressed, including CVE-2025-8099, which could enable attackers to crash servers through repeated GraphQL queries, and CVE-2026-0958, which could exhaust system resources by bypassing JSON validation middleware.

The patch also fixes cross-site scripting and injection-based vulnerabilities such as CVE-2025-14560 and CVE-2026-0595. These flaws could allow attackers to inject malicious scripts or manipulate content under certain conditions. Additional medium-severity vulnerabilities affecting Markdown processing, dashboards and server-side request forgery (SSRF) risks have also been resolved, alongside several lower-severity authorisation and validation flaws.

GitLab states that the affected versions include all builds from multiple release branches prior to the newly released patches. The company notes that security vulnerability details are typically made public 30 days after a fix is released. The organisation emphasises that upgrading to the latest supported version is considered essential for maintaining secure deployments.

The patch release also includes database migrations that may temporarily impact availability. Single-node installations are expected to experience downtime during upgrades, while multi-node deployments can complete the update without downtime when following recommended upgrade procedures.

GitLab follows a regular patch release schedule twice monthly but may issue additional updates when critical vulnerabilities are discovered. The company advises administrators to review release notes, test upgrades in staging environments and deploy the latest patches as soon as possible to reduce potential exploitation risks.

Source(s)

GitLab

⟨

Major iPhone update: iOS 26.3 makes switching to Android and third-party smartwatches easier

Please share our article, every link counts!

Add as a preferred
source on Google

Read all 1 comments / answer

Loading Comments

Comment on this article

Praneeta - Tech Editor - 19 articles published on Notebookcheck since 2025

I'm pretty attached to storytelling, since childhood (an awful curse I'm still trying to find an antidote for). But in the meantime, I use it to enhance my professional life, tell stories and sometimes the news. I am passionate about tech, the kind that can potentially change the fate of humanity, and Anime. I am eager to learn about the world, and I'm still figuring out how to travel as much as possible.

contact me via: @prntmnd, _praneeta

> Expert Reviews and News on Laptops, Smartphones and Tech Innovations > News > News Archive > Newsarchive 2026 02 > GitLab urges users to update after patching high-risk flaws affecting repositories and services

Praneeta, 2026-02-11 (Update: 2026-02-11)

Source(s)

Related Articles