GitLab has patched a denial-of-service vulnerability in CE/EE that allows unauthenticated attackers to crash or degrade the GitLab service via crafted API requests. All versions from 18.5 through 18.11.2 are affected. Current exploitation evidence is minimal (EPSS 0.03rd percentile), but the unauthenticated nature of the attack vector warrants patching within standard high-severity SLA windows, particularly for internet-facing instances.