GitLab authentication services 2FA bypass (CVE-2026-0723)
Vulnerability
Summary
GitLab CE/EE patched CVE-2026-0723, an unchecked return value flaw in authentication services that could let an attacker who knew a victim's account ID bypass two-factor authentication. The issue affected the platform's authentication flow and raised account-access risk for exposed deployments. GitLab shipped fixed releases and urged self-managed admins to upgrade immediately.
Related Happenings
CISA orders FCEB GitLab patching under BOD 22-01
Public Sector Action
First: 04.02.2026 17:42
Last: 04.02.2026 17:42
Sources: 1
About this happening:
**CISA** ordered **FCEB agencies** to patch **GitLab CE/EE** against **CVE-2021-39935**, forcing remediation of an **actively exploited SSRF flaw** within **three weeks**. The dea...
Fortinet CVE-2025-59718 mitigation guidance
Advisory/Mitigation
First: 23.01.2026 12:39
Last: 23.01.2026 12:39
Sources: 1
About this happening:
**Fortinet** told customers to immediately harden **FortiCloud SSO** exposure for **CVE-2025-59718**, because attackers are still abusing the flaw against **fully patched firewall...
GitLab Cloud public repositories secret exposure
Data Leak
First: 28.11.2025 19:43
Last: 28.11.2025 19:43
Sources: 1
About this happening:
A scan of **5.6 million** public **GitLab Cloud** repositories uncovered **17,430 verified live secrets**, creating a large-scale credential exposure risk across **2,804 unique do...
Timeline
- 21.01.2026 15:57 · 2 articles
GitLab patches CVE-2026-0723 2FA bypass
Mitigation / Patch Update
GitLab patched CVE-2026-0723 in GitLab Community Edition (CE) and Enterprise Edition (EE), a high-severity authentication flaw that let an attacker who knew a victim's account ID submit forged device responses and bypass two-factor authentication. The company released versions 18.8.2, 18.7.2, and 18.6.4, urged self-managed administrators to upgrade immediately, noted that GitLab.com was already running the patched version, and said GitLab Dedicated customers did not need to take action.
Sources:
- GitLab warns of high-severity 2FA bypass, denial-of-service flaws — www.bleepingcomputer.com — 21.01.2026 15:57
- Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws — thehackernews.com — 21.01.2026 17:42