CVE-2026-1868: GitLab has remediated a vulnerability in the Duo Workflow Service component of GitLab AI Gateway affecting all versions
Summary
GitLab AI Gateway had a vulnerability in its Duo Workflow Service component where user-supplied data wasn't properly validated before being processed (insecure template expansion), allowing attackers to craft malicious workflow definitions that could crash the service or execute code on the Gateway. This flaw affected multiple versions of the AI Gateway.
Solution / Mitigation
Update GitLab AI Gateway to version 18.6.2, 18.7.1, or 18.8.1, depending on which version you are running, as the vulnerability has been fixed in these versions.
Vulnerability Details
9.9(critical)
EPSS: 0.0%
Classification
Taxonomy References
Affected Vendors
Related Issues
CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-1868
First tracked: February 15, 2026 at 08:53 PM
Classified by LLM (prompt v3) · confidence: 85%