Find notable cyber news and cases, enriched with sources, timelines, and signals.

GitLab authentication services 2FA bypass (CVE-2026-0723)

Vulnerability
First reported
Last updated
Happening score
H score 66
2 unique sources, 2 articles

Summary

Hide ▲

GitLab CE/EE patched CVE-2026-0723, an unchecked return value flaw in authentication services that could let an attacker who knew a victim's account ID bypass two-factor authentication. The issue affected the platform's authentication flow and raised account-access risk for exposed deployments. GitLab shipped fixed releases and urged self-managed admins to upgrade immediately.

Related Happenings

Instagram High Touch Support password reset security flaw

Vulnerability
H score40 First: 08.06.2026 09:00 Last: 08.06.2026 09:00 Sources 1

About this happening: **Meta's High Touch Support (HTS)** flaw enabled attackers to trigger **Instagram password resets**, creating account-takeover risk for **over 20,000 users** and weakening protect...

Dashlane personal-plan users' encrypted vault exposure

Data Leak
H score26 First: 02.06.2026 06:55 Last: 02.06.2026 06:55 Sources 1

About this happening: On **May 31, 2026**, Dashlane disclosed that an **external brute-force account attack** led to **encrypted vaults** being downloaded for **fewer than 20 personal-plan users**, cre...

Dashlane password manager account lockouts from brute-force attacks

Service Disruption
H score12 First: 01.06.2026 21:17 Last: 01.06.2026 21:17 Sources 1

About this happening: **Dashlane** experienced a **temporary account-access disruption** after **brute-force login attempts** triggered security lockouts for some users. The affected accounts were late...

CISA orders FCEB GitLab patching under BOD 22-01

Public Sector Action
H score29 First: 04.02.2026 17:42 Last: 04.02.2026 17:42 Sources 1

About this happening: **CISA** ordered **FCEB agencies** to patch **GitLab CE/EE** against **CVE-2021-39935**, forcing remediation of an **actively exploited SSRF flaw** within **three weeks**. The dea...

Fortinet CVE-2025-59718 mitigation guidance

Advisory/Mitigation
H score56 First: 23.01.2026 12:39 Last: 23.01.2026 12:39 Sources 1

About this happening: **Fortinet** told customers to immediately harden **FortiCloud SSO** exposure for **CVE-2025-59718**, because attackers are still abusing the flaw against **fully patched firewall...

Timeline

  1. 21.01.2026 15:57 2 articles · 5mo ago

    GitLab patches CVE-2026-0723 2FA bypass

    Mitigation Patch Update

    GitLab patched CVE-2026-0723 in GitLab Community Edition (CE) and Enterprise Edition (EE), a high-severity authentication flaw that let an attacker who knew a victim's account ID submit forged device responses and bypass two-factor authentication. The company released versions 18.8.2, 18.7.2, and 18.6.4, urged self-managed administrators to upgrade immediately, noted that GitLab.com was already running the patched version, and said GitLab Dedicated customers did not need to take action.

    Show sources