GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when processing certain webhook configuration inputs.
References
| Link | Resource |
|---|---|
| https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/ | Release Notes Vendor Advisory |
| https://gitlab.com/gitlab-org/gitlab/-/work_items/580488 | Broken Link |
| https://hackerone.com/reports/3413704 | Permissions Required |
Configurations
Configuration 1 (hide)
|
History
26 Mar 2026, 18:29
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/ - Release Notes, Vendor Advisory | |
| References | () https://gitlab.com/gitlab-org/gitlab/-/work_items/580488 - Broken Link | |
| References | () https://hackerone.com/reports/3413704 - Permissions Required | |
| First Time |
Gitlab
Gitlab gitlab |
|
| CPE | cpe:2.3:a:gitlab:gitlab:18.10.0:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:18.10.0:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* |
25 Mar 2026, 17:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-03-25 17:16
Updated : 2026-03-26 18:29
NVD link : CVE-2025-13078
Mitre link : CVE-2025-13078
CVE.ORG link : CVE-2025-13078
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-1284
Improper Validation of Specified Quantity in Input