{"data":{"id":"a3920ee9-a0fe-494a-8fd7-1ffba0ce3367","title":"CVE-2026-1868: GitLab has remediated a vulnerability in the Duo Workflow Service component of GitLab AI Gateway affecting all versions ","summary":"GitLab AI Gateway had a vulnerability in its Duo Workflow Service component where user-supplied data wasn't properly validated before being processed (insecure template expansion), allowing attackers to craft malicious workflow definitions that could crash the service or execute code on the Gateway. This flaw affected multiple versions of the AI Gateway.","solution":"Update GitLab AI Gateway to version 18.6.2, 18.7.1, or 18.8.1, depending on which version you are running, as the vulnerability has been fixed in these versions.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-1868","publishedAt":"2026-02-09T07:16:18.250Z","cveId":"CVE-2026-1868","cweIds":["CWE-1336"],"cvssScore":"9.9","cvssSeverity":"critical","severity":"critical","attackType":["denial_of_service","other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["GitLab","GitLab AI Gateway","Duo Workflow Service"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00031,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability","integrity"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}