CVE-2026-1868
Published: 09 February 2026
Summary
CVE-2026-1868 is a critical-severity Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) vulnerability in Gitlab (inferred from references). Its CVSS base score is 9.9 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 12.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as Other AI Platforms.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates insecure template expansion by validating and sanitizing user-supplied Duo Agent Platform Flow definitions to prevent DoS or RCE.
Ensures timely identification, reporting, and remediation of flaws like CVE-2026-1868 through patching affected GitLab AI Gateway versions.
Restricts input size and characteristics of Flow definitions to counter CWE-1336 resource exhaustion leading to DoS.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Server-side RCE/DoS via unauthenticated template expansion of attacker-controlled input directly matches exploitation of a public-facing application.
NVD Description
GitLab has remediated a vulnerability in the Duo Workflow Service component of GitLab AI Gateway affecting all versions of the AI Gateway from 18.1.6, 18.2.6, 18.3.1 to 18.6.1, 18.7.0, and 18.8.0 in which AI Gateway was vulnerable to insecure template…
more
expansion of user supplied data via crafted Duo Agent Platform Flow definitions. This vulnerability could be used to cause Denial of Service or gain code execution on the Gateway. This has been fixed in versions 18.6.2, 18.7.1, and 18.8.1 of the GitLab AI Gateway.
Deeper analysisAI
CVE-2026-1868 is a vulnerability in the Duo Workflow Service component of GitLab AI Gateway, caused by insecure template expansion of user-supplied data via crafted Duo Agent Platform Flow definitions. It affects all versions of GitLab AI Gateway from 18.1.6, 18.2.6, 18.3.1 to 18.6.1, 18.7.0, and 18.8.0. The issue corresponds to CWE-1336 (Incorrect Handling of Extremely Large or Infinite Input) and carries a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
The vulnerability can be exploited by a low-privileged authenticated user over the network with low attack complexity and no user interaction required. Successful exploitation enables denial of service or remote code execution on the AI Gateway itself, with a changed scope leading to high impacts on confidentiality, integrity, and availability.
GitLab has remediated the issue in AI Gateway versions 18.6.2, 18.7.1, and 18.8.1. Additional details are available in the patch release notes at https://about.gitlab.com/releases/2026/02/06/patch-release-gitlab-ai-gateway-18-8-1-released/ and the related work item at https://gitlab.com/gitlab-org/modelops/applied-ml/code-suggestions/ai-assist/-/work_items/1850.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- Other AI Platforms
- Risk Domain
- N/A
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: ai, ai, ai, ai