GitLab authentication services 2FA bypass (CVE-2026-0723)
Vulnerability
Summary
Hide ▲
Show ▼
GitLab CE/EE patched CVE-2026-0723, an unchecked return value flaw in authentication services that could let an attacker who knew a victim's account ID bypass two-factor authentication. The issue affected the platform's authentication flow and raised account-access risk for exposed deployments. GitLab shipped fixed releases and urged self-managed admins to upgrade immediately.
Related Happenings
Instagram High Touch Support password reset security flaw
Vulnerability
H score40
First: 08.06.2026 09:00
Last: 08.06.2026 09:00
Sources 1
About this happening:
**Meta's High Touch Support (HTS)** flaw enabled attackers to trigger **Instagram password resets**, creating account-takeover risk for **over 20,000 users** and weakening protect...
Instagram High Touch Support password reset security flaw
VulnerabilityAbout this happening: **Meta's High Touch Support (HTS)** flaw enabled attackers to trigger **Instagram password resets**, creating account-takeover risk for **over 20,000 users** and weakening protect...
Dashlane personal-plan users' encrypted vault exposure
Data Leak
H score26
First: 02.06.2026 06:55
Last: 02.06.2026 06:55
Sources 1
About this happening:
On **May 31, 2026**, Dashlane disclosed that an **external brute-force account attack** led to **encrypted vaults** being downloaded for **fewer than 20 personal-plan users**, cre...
Dashlane personal-plan users' encrypted vault exposure
Data LeakAbout this happening: On **May 31, 2026**, Dashlane disclosed that an **external brute-force account attack** led to **encrypted vaults** being downloaded for **fewer than 20 personal-plan users**, cre...
Dashlane password manager account lockouts from brute-force attacks
Service Disruption
H score12
First: 01.06.2026 21:17
Last: 01.06.2026 21:17
Sources 1
About this happening:
**Dashlane** experienced a **temporary account-access disruption** after **brute-force login attempts** triggered security lockouts for some users. The affected accounts were late...
Dashlane password manager account lockouts from brute-force attacks
Service DisruptionAbout this happening: **Dashlane** experienced a **temporary account-access disruption** after **brute-force login attempts** triggered security lockouts for some users. The affected accounts were late...
CISA orders FCEB GitLab patching under BOD 22-01
Public Sector Action
H score29
First: 04.02.2026 17:42
Last: 04.02.2026 17:42
Sources 1
About this happening:
**CISA** ordered **FCEB agencies** to patch **GitLab CE/EE** against **CVE-2021-39935**, forcing remediation of an **actively exploited SSRF flaw** within **three weeks**. The dea...
CISA orders FCEB GitLab patching under BOD 22-01
Public Sector ActionAbout this happening: **CISA** ordered **FCEB agencies** to patch **GitLab CE/EE** against **CVE-2021-39935**, forcing remediation of an **actively exploited SSRF flaw** within **three weeks**. The dea...
Fortinet CVE-2025-59718 mitigation guidance
Advisory/Mitigation
H score56
First: 23.01.2026 12:39
Last: 23.01.2026 12:39
Sources 1
About this happening:
**Fortinet** told customers to immediately harden **FortiCloud SSO** exposure for **CVE-2025-59718**, because attackers are still abusing the flaw against **fully patched firewall...
Fortinet CVE-2025-59718 mitigation guidance
Advisory/MitigationAbout this happening: **Fortinet** told customers to immediately harden **FortiCloud SSO** exposure for **CVE-2025-59718**, because attackers are still abusing the flaw against **fully patched firewall...
Timeline
-
21.01.2026 15:57 2 articles · 5mo ago
GitLab patches CVE-2026-0723 2FA bypass
Mitigation Patch UpdateGitLab patched CVE-2026-0723 in GitLab Community Edition (CE) and Enterprise Edition (EE), a high-severity authentication flaw that let an attacker who knew a victim's account ID submit forged device responses and bypass two-factor authentication. The company released versions 18.8.2, 18.7.2, and 18.6.4, urged self-managed administrators to upgrade immediately, noted that GitLab.com was already running the patched version, and said GitLab Dedicated customers did not need to take action.
Show sources
- GitLab warns of high-severity 2FA bypass, denial-of-service flaws — www.bleepingcomputer.com — 21.01.2026 15:57
- Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws — thehackernews.com — 21.01.2026 17:42