CVE-2026-31866: flagd Vulnerable to Allocation of Resources Without Limits or Throttling
- Denial of Service: A single crafted request can crash the flagd process.
- Service Disruption: All applications relying on the affected flagd instance for feature flag evaluation will lose access to flag evaluations until the process restarts.
- Repeated Exploitation: An attacker can continuously send oversized requests to prevent recovery.