Today, we are releasing versions 18.6.2, 18.7.1, and 18.8.1 of the GitLab AI Gateway.
These versions contain a critical security fix for GitLab Duo Self-Hosted AI Gateway, and we strongly recommend that all Self-Managed customers with GitLab Duo Self-Hosted installations update to one of these versions immediately.
A fix has already been deployed for the GitLab-hosted AI Gateway. Customers using GitLab.com, GitLab Dedicated, and GitLab Self-Managed instances with GitLab-hosted AI Gateway are protected and do not need to take action.
Recommended Action
We strongly recommend that all GitLab Duo Self-Hosted installations running a version of the self-hosted AI Gateway affected by the issue described below be upgraded to the latest version as soon as possible.
Security fixes
Table of security fixes
| Title | Severity |
|---|---|
| Insecure Template expansion issue impacts GitLab AI Gateway | Critical |
CVE-2026-1868 - Insecure Template expansion issue impacts GitLab AI Gateway
The Duo Workflow Service component of GitLab AI Gateway before versions 18.6.2, 18.7.1, and 18.8.1 is vulnerable to insecure template expansion of user-supplied data via crafted Duo Agent Platform Flow definitions. Authenticated access to the GitLab instance is required. This vulnerability could be used to cause Denial of Service or gain code execution on the Gateway.
Impacted Versions: GitLab AI Gateway: all versions from 18.1.6, 18.2.6, and 18.3.1 before 18.6.2, 18.7.1, and 18.8.1
CVSS 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
This vulnerability was discovered internally by GitLab team member Joern Schneeweisz.
Updating
To update GitLab Duo Self-Hosted, see the GitLab Duo Self-Hosted install documentation.
Receive Patch Notifications
To receive patch blog notifications delivered to your inbox, visit our contact us page. To receive release notifications via RSS, subscribe to our patch release RSS feed or our RSS feed for all releases.