Find notable cyber news and cases, enriched with sources, timelines, and signals.

CISA orders FCEB GitLab patching under BOD 22-01

Public Sector Action
First reported
Last updated
Happening score
H score 29
1 unique sources, 1 articles

Summary

Hide ▲

CISA ordered FCEB agencies to patch GitLab CE/EE against CVE-2021-39935, forcing remediation of an actively exploited SSRF flaw within three weeks. The deadline is February 24, 2026 under BOD 22-01. CISA said the flaw poses a significant risk to the federal enterprise and urged broader organizations to prioritize mitigations.

Related Happenings

CISA sets June 28 patch deadline for Cisco Unified Communications Manager Server

Public Sector Action
H score35 First: 26.06.2026 22:43 Last: 26.06.2026 22:43 Sources 1

About this happening: CISA ordered **federal agencies** to patch **CVE-2026-20230** in **Cisco Unified Communications Manager Server** by **June 28**, tightening exposure around an **actively exploited...

CISA zero-trust SASE guidance for TIC 3.0

Public Sector Action
H score30 First: 25.06.2026 14:30 Last: 25.06.2026 14:30 Sources 1

About this happening: CISA published **new guidance** on **June 24** for **federal civilian executive branch agencies** to replace legacy internet gateways with **SASE** as part of the move from **TIC...

CISA BOD 26-04 three-day remediation directive

Public Sector Action
H score36 First: 24.06.2026 17:35 Last: 24.06.2026 17:35 Sources 1

About this happening: CISA's **BOD 26-04** requires **federal agencies** to apply available security updates or vendor-recommended mitigations within **three days**, accelerating remediation for **acti...

Trump executive order sets federal PQC migration deadlines

Public Sector Action
H score23 First: 23.06.2026 18:16 Last: 23.06.2026 18:16 Sources 1

About this happening: President Trump signed **EO 14409**, ordering **federal agencies** to migrate **high-value assets** and **high-impact systems** to **post-quantum cryptography** on a fixed schedul...

CISA warning on FortiBleed for FortiGate customers

Public Sector Action
H score89 First: 19.06.2026 17:00 Last: 19.06.2026 17:00 Sources 1

About this happening: **CISA** warned **Fortinet** customers with **FortiGate appliances** to secure exposed systems against ongoing malicious activity tied to **FortiBleed**. The activity had reached...

Timeline

  1. 04.02.2026 17:42 2 articles · 5mo ago

    CISA orders FCEB patching for GitLab CVE-2021-39935

    Legal Policy Action Update

    CISA added CVE-2021-39935, a GitLab server-side request forgery flaw, to its exploited-in-the-wild list and ordered Federal Civilian Executive Branch agencies to patch affected systems within three weeks, by February 24, 2026, under Binding Operational Directive (BOD) 22-01. CISA also urged other organizations to prioritize mitigations against ongoing attacks, while GitLab had already patched the flaw in December 2021.

    Show sources