Release Date: Feb 6, 2023 Release Title: GitLab AI Gateway Critical Patch Release: 18.6.2, 18.7.1, and 18.8.1 Security Fix: - Title: Insecure Template expansion issue impacts GitLab AI Gateway - Severity: Critical - CVE: CVE-2026-1868 - Impact: Duo Workflow Service vulnerable to insecure template expansion - Affected Versions: All versions from 18.1.6, 18.2.6, and 18.3.1 before 18.6.2, 18.7.1, and 18.8.1 - CVSS: 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) Recommended Action: Upgrade to the latest version as soon as possible for GitLab Duo Self-Hosted installations running a version of self-hosted AI Gateway affected by the issue. Secure Deployment: GitLab-hosted AI Gateway instances (GitLab.com, GitLab Dedicated, GitLab Self Managed) are protected and do not need action.