- GitLab patched CVE-2026-0723, a flaw that allows 2FA bypass and account takeover.
- Additional DoS vulnerabilities in authentication, API endpoints, Wiki, and SSH were also addressed.
- GitLab urges immediate updates; ~6,000 exposed CE instances remain potential targets.
GitLab fixed a high severity vulnerability in its Community Edition and Enterprise Edition (CE/EE) versions that allowed threat actors to bypass two-factor authentication and potentially take over people’s accounts.
“GitLab has fixed an issue that could have allowed an individual with existing knowledge of a victim’s credential ID to bypass two-factor authentication by submitting spoofed responses from the device,” the company said in a security advisory.
As explained, the vulnerability was due to an unchecked return value in GitLab's authentication services. As a result, an attacker who already knew a victim's credential ID could bypass 2FA for that account.
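To make the bug class concrete, the following is an added, hypothetical model (not GitLab's code) of a second-factor check where a device proves possession of a registered key by signing a server challenge. The `verify_unchecked` method computes the signature check but discards its result, so any response naming a known credential ID is accepted; `verify_checked` lets the boolean gate the decision. Class, method and credential names are invented for illustration.

```ruby
require 'openssl'

# Hypothetical minimal second-factor store, constructed to illustrate an
# unchecked verification result. Not GitLab's code.
class SecondFactorStore
  def initialize
    @keys = {} # credential_id => registered public key (PEM)
  end

  def register(credential_id, public_key_pem)
    @keys[credential_id] = public_key_pem
  end

  # True only when the device's signature over the challenge verifies
  # against the public key registered under this credential ID.
  def signature_valid?(credential_id, challenge, signature)
    pem = @keys[credential_id]
    return false unless pem
    OpenSSL::PKey::RSA.new(pem).verify(OpenSSL::Digest.new('SHA256'), signature, challenge)
  rescue OpenSSL::PKey::PKeyError
    false
  end

  # Vulnerable pattern: the cryptographic check runs, but its return value is
  # never used. Knowing a registered credential ID is enough to pass.
  def verify_unchecked(credential_id, challenge, signature)
    return false unless @keys.key?(credential_id)
    signature_valid?(credential_id, challenge, signature) # result discarded
    true
  end

  # Fixed pattern: the decision is exactly the result of the check.
  def verify_checked(credential_id, challenge, signature)
    signature_valid?(credential_id, challenge, signature)
  end
end

# Constructed sample data: one registered device, one genuine response and
# one spoofed response (zero bytes of the right length).
def demo
  store = SecondFactorStore.new
  device_key = OpenSSL::PKey::RSA.new(2048)
  store.register('cred-123', device_key.public_key.to_pem)
  challenge = OpenSSL::Random.random_bytes(32)
  genuine = device_key.sign(OpenSSL::Digest.new('SHA256'), challenge)
  spoofed = "\x00".b * genuine.bytesize
  {
    unchecked_spoofed: store.verify_unchecked('cred-123', challenge, spoofed),
    checked_spoofed: store.verify_checked('cred-123', challenge, spoofed),
    checked_genuine: store.verify_checked('cred-123', challenge, genuine)
  }
end
```

Running `demo` shows the unchecked path accepting the spoofed response while the checked path rejects it and still accepts the genuine one.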
Strange campaign
The bug is now tracked as CVE-2026-0723 and was given a high severity score (7.4/10).
It is fixed in CE/EE versions 18.8.2, 18.7.2, and 18.6.4.
In the same patch, GitLab also fixed two additional bugs that allowed attackers to mount denial of service (DoS) attacks by sending custom requests with malformed authentication data and abusing incorrect authorization validation on API endpoints.
These two flaws are tracked as CVE-2025-13927 and CVE-2025-13928, and affect both CE and EE versions.
GitLab also fixed two DoS flaws that can be triggered by configuring malformed Wiki documents and sending repeated malformed SSH authentication requests. These two are now tracked as CVE-2025-13335 and CVE-2026-1102.
Speaking about the latest patch, GitLab urged users to apply it without hesitation:
“These releases contain important bug and security fixes, and we strongly recommend that all self-managed GitLab installations upgrade to one of these releases immediately,” GitLab explained. “GitLab.com is already running the patched version. GitLab Dedicated customers do not need to take action.”
Citing data from Shadowserver, BleepingComputer says there are currently around 6,000 GitLab CE instances exposed online, suggesting the target landscape is quite large.