GitLab CE/EE SSRF flaw (CVE-2021-39935)
Vulnerability
Summary
GitLab CE/EE CVE-2021-39935 is an actively exploited SSRF flaw that lets unauthenticated external users make server-side requests through the CI Lint API. The issue affects multiple version ranges and matters because the API is used to simulate pipelines and validate CI/CD configurations. CISA has now added the flaw to its exploited-in-the-wild list, underscoring ongoing risk for exposed GitLab instances.
Related Happenings
CISA orders FCEB GitLab patching under BOD 22-01
Public Sector Action
First: 04.02.2026 17:42
Last: 04.02.2026 17:42
Sources 1
How related:
On Tuesday, CISA added the flaw to its list of vulnerabilities exploited in the wild and ordered Federal Civilian Executive Branch (FCEB) agencies to patch their systems within three weeks, by February 24, 2026, as mandated by Binding Operational Directive (BOD) 22-01.
About this happening:
**CISA** ordered **FCEB agencies** to patch **GitLab CE/EE** against **CVE-2021-39935**, forcing remediation of an **actively exploited SSRF flaw** within **three weeks**. The dea...
CISA KEV remediation deadline for SolarWinds WHD CVE-2025-40551
Public Sector Action
First: 04.02.2026 07:50
Last: 04.02.2026 07:50
Sources 1
About this happening:
**CISA** added **CVE-2025-40551** in **SolarWinds Web Help Desk** to the **KEV catalog** and imposed **federal remediation deadlines**, turning a newly exploited flaw into a compl...
Quiz and Survey Master SQL injection mitigation (CVE-2025-67987)
Advisory/Mitigation
First: 03.02.2026 18:15
Last: 03.02.2026 18:15
Sources 1
About this happening:
**Patchstack** published mitigation guidance for **CVE-2025-67987**, directing administrators to update **Quiz and Survey Master** to **version 10.3.2** to close a **SQL injection...
CISA BOD 22-01 federal remediation directive
Public Sector Action
First: 23.01.2026 20:47
Last: 23.01.2026 20:47
Sources 1
About this happening:
**CISA** required **federal agencies** covered by **BOD 22-01** to apply available security updates or vendor-suggested mitigations, or stop using the affected products by **Febru...
Timeline
04.02.2026 17:42 2 articles · 3mo ago
CISA orders remediation of CVE-2021-39935 in GitLab CE/EE
Legal Policy Action Update
CISA added CVE-2021-39935, a GitLab CE/EE server-side request forgery flaw affecting the CI Lint API, to its exploited-in-the-wild list and ordered Federal Civilian Executive Branch agencies to patch affected systems by February 24, 2026 under BOD 22-01. The agency also urged other organizations to apply vendor mitigations or discontinue use if mitigations are unavailable, while exposed GitLab instances remain widely visible online. GitLab had already patched the flaw in December 2021.
Sources:
- CISA warns of five-year-old GitLab flaw exploited in attacks — www.bleepingcomputer.com — 04.02.2026 17:42