CISA orders FCEB GitLab patching under BOD 22-01
Public Sector Action
Summary
Hide ▲
Show ▼
CISA ordered FCEB agencies to patch GitLab CE/EE against CVE-2021-39935, forcing remediation of an actively exploited SSRF flaw within three weeks. The deadline is February 24, 2026 under BOD 22-01. CISA said the flaw poses a significant risk to the federal enterprise and urged broader organizations to prioritize mitigations.
Related Happenings
CISA sets June 28 patch deadline for Cisco Unified Communications Manager Server
Public Sector Action
H score35
First: 26.06.2026 22:43
Last: 26.06.2026 22:43
Sources 1
About this happening:
CISA ordered **federal agencies** to patch **CVE-2026-20230** in **Cisco Unified Communications Manager Server** by **June 28**, tightening exposure around an **actively exploited...
CISA sets June 28 patch deadline for Cisco Unified Communications Manager Server
Public Sector ActionAbout this happening: CISA ordered **federal agencies** to patch **CVE-2026-20230** in **Cisco Unified Communications Manager Server** by **June 28**, tightening exposure around an **actively exploited...
CISA zero-trust SASE guidance for TIC 3.0
Public Sector Action
H score30
First: 25.06.2026 14:30
Last: 25.06.2026 14:30
Sources 1
About this happening:
CISA published **new guidance** on **June 24** for **federal civilian executive branch agencies** to replace legacy internet gateways with **SASE** as part of the move from **TIC...
CISA zero-trust SASE guidance for TIC 3.0
Public Sector ActionAbout this happening: CISA published **new guidance** on **June 24** for **federal civilian executive branch agencies** to replace legacy internet gateways with **SASE** as part of the move from **TIC...
CISA BOD 26-04 three-day remediation directive
Public Sector Action
H score36
First: 24.06.2026 17:35
Last: 24.06.2026 17:35
Sources 1
About this happening:
CISA's **BOD 26-04** requires **federal agencies** to apply available security updates or vendor-recommended mitigations within **three days**, accelerating remediation for **acti...
CISA BOD 26-04 three-day remediation directive
Public Sector ActionAbout this happening: CISA's **BOD 26-04** requires **federal agencies** to apply available security updates or vendor-recommended mitigations within **three days**, accelerating remediation for **acti...
Trump executive order sets federal PQC migration deadlines
Public Sector Action
H score23
First: 23.06.2026 18:16
Last: 23.06.2026 18:16
Sources 1
About this happening:
President Trump signed **EO 14409**, ordering **federal agencies** to migrate **high-value assets** and **high-impact systems** to **post-quantum cryptography** on a fixed schedul...
Trump executive order sets federal PQC migration deadlines
Public Sector ActionAbout this happening: President Trump signed **EO 14409**, ordering **federal agencies** to migrate **high-value assets** and **high-impact systems** to **post-quantum cryptography** on a fixed schedul...
CISA warning on FortiBleed for FortiGate customers
Public Sector Action
H score89
First: 19.06.2026 17:00
Last: 19.06.2026 17:00
Sources 1
About this happening:
**CISA** warned **Fortinet** customers with **FortiGate appliances** to secure exposed systems against ongoing malicious activity tied to **FortiBleed**. The activity had reached...
CISA warning on FortiBleed for FortiGate customers
Public Sector ActionAbout this happening: **CISA** warned **Fortinet** customers with **FortiGate appliances** to secure exposed systems against ongoing malicious activity tied to **FortiBleed**. The activity had reached...
Timeline
-
04.02.2026 17:42 2 articles · 5mo ago
CISA orders FCEB patching for GitLab CVE-2021-39935
Legal Policy Action UpdateCISA added CVE-2021-39935, a GitLab server-side request forgery flaw, to its exploited-in-the-wild list and ordered Federal Civilian Executive Branch agencies to patch affected systems within three weeks, by February 24, 2026, under Binding Operational Directive (BOD) 22-01. CISA also urged other organizations to prioritize mitigations against ongoing attacks, while GitLab had already patched the flaw in December 2021.
Show sources
- CISA warns of five-year-old GitLab flaw exploited in attacks — www.bleepingcomputer.com — 04.02.2026 17:42
- CISA warns of five-year-old GitLab flaw exploited in attacks — www.bleepingcomputer.com — 04.02.2026 17:42