A critical vulnerability in the GitLab AI Gateway Duo Workflow Service permits remote code execution or denial-of-service via insecure template expansion.

The AI Gateway component is vulnerable to insecure template expansion of user-supplied data through crafted Duo Agent Platform Flow definitions. An attacker can leverage this flaw to inject malicious code that the Gateway processes, leading to either a total system crash or arbitrary code execution.

A successful exploit could lead to the complete compromise of the AI Gateway, potentially exposing sensitive AI training data or integration secrets. The CVSS score of 9.9 indicates a near-maximum severity, reflecting the catastrophic potential for service downtime and unauthorized access to the underlying infrastructure.

Immediate Action: Update the GitLab AI Gateway to versions 18.6.2, 18.7.1, or 18.8.1 immediately.

Proactive Monitoring: Monitor the AI Gateway logs for unusual Duo Agent Platform Flow definitions or unexpected service restarts.

Compensating Controls: Ensure that the AI Gateway is deployed within a segmented network environment to limit the impact of a potential compromise.

Public Exploit Available: false

Because this vulnerability allows for remote code execution on a high-value AI component, remediation should be the highest priority. Administrators must update to the fixed versions (18.6.2, 18.7.1, or 18.8.1) immediately to mitigate the risk of exploitation.