GitLab AI Gateway 18.1.6-18.8.0 Duo Workflow RCE via insecure template expansion
CVE-2026-1868 Published on February 9, 2026
Improper Neutralization of Special Elements Used in a Template Engine in GitLab AI Gateway
GitLab has remediated a vulnerability in the Duo Workflow Service component of GitLab AI Gateway affecting all versions of the AI Gateway from 18.1.6, 18.2.6, 18.3.1 to 18.6.1, 18.7.0, and 18.8.0, in which AI Gateway was vulnerable to insecure template expansion of user-supplied data via crafted Duo Agent Platform Flow definitions. This vulnerability could be used to cause Denial of Service or gain code execution on the Gateway. This has been fixed in versions 18.6.2, 18.7.1, and 18.8.1 of the GitLab AI Gateway.
Vulnerability Analysis
CVE-2026-1868 is exploitable with network access and requires a small amount of user privileges. It is considered to have a low attack complexity. The potential impact of an exploit is considered critical, as this vulnerability has a high impact on the confidentiality, integrity and availability of this component.
Weakness Type
Products Associated with CVE-2026-1868
Affected Versions
GitLab AI Gateway:
- Versions from 18.1.6 up to, but not including, 18.6.2 are affected.
- Versions from 18.7.0 up to, but not including, 18.7.1 are affected.
- Versions from 18.8.0 up to, but not including, 18.8.1 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.