GitLab has issued a new GitLab patch release addressing a range of security vulnerabilities and stability issues across multiple supported versions. The latest updates, versions 18.8.2, 18.7.2, and 18.6.4, apply to both GitLab Community Edition and Enterprise Edition and are now available for self-managed installations. According to the release information, these updates contain important bug fixes and security remediations, and administrators are strongly advised to upgrade as soon as possible.
The GitLab patch release applies to GitLab Community Edition and Enterprise Edition deployments running affected versions. GitLab.com is already operating on the patched versions, and GitLab Dedicated customers are not required to take any action. However, organizations managing their own instances are encouraged to prioritize the upgrade to mitigate risk from known vulnerabilities.
Overview of the Latest GitLab Patch Release
This GitLab patch release resolves multiple security issues affecting both GitLab Community Edition and Enterprise Edition, including several high-severity vulnerabilities.
One of the most critical issues, tracked as CVE-2025-13927, involves a denial of service vulnerability in the Jira Connect integration. GitLab reported that an unauthenticated attacker could create a denial of service condition by sending crafted requests containing malformed authentication data. The vulnerability affects all GitLab CE/EE versions from 11.9 up to, but not including, versions 18.6.4, 18.7.2, and 18.8.2. The issue carries a CVSS score of 7.5. GitLab credited a92847865 for reporting the vulnerability through its HackerOne bug bounty program.
Another high-severity issue, CVE-2025-13928, impacts the Releases API. Due to incorrect authorization validation in API endpoints, an unauthenticated user could trigger a denial of service condition. This vulnerability affects GitLab Community Edition and Enterprise Edition versions from 17.7 prior to the patched releases and also has a CVSS score of 7.5. The issue was reported by the same researcher.
GitLab also addressed CVE-2026-0723, a vulnerability in authentication services that could have allowed an attacker with knowledge of a victim’s credential ID to bypass two-factor authentication by submitting forged device responses. This issue affects versions from 18.6 prior to the patched releases and has a CVSS score of 7.4. The vulnerability was reported by ahacker1 through HackerOne.
Medium-severity issues include CVE-2025-13335, an infinite loop flaw in Wiki redirects that could allow an authenticated user to cause a denial of service by crafting malformed Wiki documents. This issue affects versions from 17.1 onward and has a CVSS score of 6.5. GitLab also fixed CVE-2026-1102, a denial-of-service vulnerability in an API endpoint triggered by repeated malformed SSH authentication requests, affecting versions from 12.3 onward with a CVSS score of 5.3. GitLab noted that this vulnerability was discovered internally by team member Thiago Figueiró.
Bug Fixes and Upgrade Considerations for Self-Managed Users
In addition to addressing vulnerabilities, the GitLab patch release introduces a wide range of bug fixes across versions 18.8.2, 18.7.2, and 18.6.4. These include backported fixes for merge request reviewer crashes, searchable dropdown race conditions, container repository index repairs, Git LFS throttling exclusions, accessibility-related soft wrap issues, and Git push errors in self-managed environments. Several fixes also improve CI jobs, Sidekiq worker behavior, migration health checks, and AI catalog workflows.
GitLab cautioned that this patch release includes database migrations that may impact the upgrade process. Single-node installations will experience downtime during the upgrade because migrations must be completed before GitLab can restart. Multi-node deployments, however, can apply the updates without downtime by following recommended zero-downtime upgrade procedures. Version 18.7.2 includes post-deploy migrations that can run after the main upgrade process.
GitLab strongly recommends that all installations of GitLab Community Edition and Enterprise Edition running affected versions upgrade to the latest patch release as soon as possible to reduce exposure to known vulnerabilities and maintain platform stability.
