GitLab Patches High-Severity 2FA Bypass and DoS Vulnerabilities
Summary
GitLab has released patches for several high-severity vulnerabilities, including a 2FA bypass flaw and multiple denial-of-service (DoS) issues affecting both community and enterprise editions. The most critical vulnerability, CVE-2026-0723, allows attackers to bypass 2FA by exploiting an unchecked return value in authentication services. Additionally, two high-severity DoS flaws (CVE-2025-13927 and CVE-2025-13928) and two medium-severity DoS vulnerabilities (CVE-2025-13335 and CVE-2026-1102) were addressed. GitLab has urged users to upgrade to the latest versions immediately.
Timeline
- 21.01.2026 15:57 · 1 article
GitLab Releases Patches for High-Severity 2FA Bypass and DoS Vulnerabilities
GitLab has patched a high-severity 2FA bypass vulnerability (CVE-2026-0723) and multiple DoS flaws affecting both community and enterprise editions. The vulnerabilities could allow attackers to bypass authentication and trigger DoS conditions. GitLab has released versions 18.8.2, 18.7.2, and 18.6.4 to address these issues and has advised users to upgrade immediately.
- GitLab warns of high-severity 2FA bypass, denial-of-service flaws — www.bleepingcomputer.com — 21.01.2026 15:57
Information Snippets
- CVE-2026-0723 is a high-severity 2FA bypass vulnerability in GitLab's authentication services.
First reported: 21.01.2026 15:57 · 1 source, 1 article
- GitLab warns of high-severity 2FA bypass, denial-of-service flaws — www.bleepingcomputer.com — 21.01.2026 15:57
- CVE-2025-13927 and CVE-2025-13928 are high-severity DoS vulnerabilities affecting GitLab CE/EE.
First reported: 21.01.2026 15:57 · 1 source, 1 article
- GitLab warns of high-severity 2FA bypass, denial-of-service flaws — www.bleepingcomputer.com — 21.01.2026 15:57
- CVE-2025-13335 and CVE-2026-1102 are medium-severity DoS vulnerabilities related to malformed Wiki documents and SSH authentication requests.
First reported: 21.01.2026 15:57 · 1 source, 1 article
- GitLab warns of high-severity 2FA bypass, denial-of-service flaws — www.bleepingcomputer.com — 21.01.2026 15:57
- GitLab has released versions 18.8.2, 18.7.2, and 18.6.4 to address these vulnerabilities.
First reported: 21.01.2026 15:57 · 1 source, 1 article
- GitLab warns of high-severity 2FA bypass, denial-of-service flaws — www.bleepingcomputer.com — 21.01.2026 15:57
- Over 6,000 GitLab CE instances are exposed online, with over 45,000 devices identified by Shodan.
First reported: 21.01.2026 15:57 · 1 source, 1 article
- GitLab warns of high-severity 2FA bypass, denial-of-service flaws — www.bleepingcomputer.com — 21.01.2026 15:57