Thursday, January 22, 2026


GitLab fixes critical security flaws, including high-risk 2FA bypass

A fresh round of security updates from GitLab has addressed multiple serious vulnerabilities that could expose development environments to authentication bypass and service disruption risks.

GitLab has patched a high-severity vulnerability that allowed attackers to bypass two-factor authentication (2FA) in both its Community Edition (CE) and Enterprise Edition (EE). The flaw, tracked as CVE-2026-0723, was caused by an unchecked return value in GitLab’s authentication services. If exploited, attackers with prior knowledge of a victim’s credential ID could bypass 2FA protections.

“GitLab has remediated an issue that could have allowed an individual with existing knowledge of a victim’s credential ID to bypass two-factor authentication by submitting forged device responses,” the company said in its advisory.

Alongside this fix, GitLab resolved two additional high-severity vulnerabilities that unauthenticated attackers could abuse to trigger denial-of-service (DoS) conditions. One flaw, CVE-2025-13927, involved crafted requests carrying malformed authentication data, while the second, CVE-2025-13928, stemmed from incorrect authorization checks in certain API endpoints.

The company also patched two medium-severity DoS vulnerabilities. These included an issue where malformed Wiki documents could bypass cycle detection (CVE-2025-13335) and another that allowed repeated malformed SSH authentication requests to overwhelm systems (CVE-2026-1102).

To mitigate these risks, GitLab released updated versions 18.8.2, 18.7.2, and 18.6.4 for both CE and EE deployments. Administrators running self-managed GitLab installations have been strongly urged to upgrade immediately.

“These versions contain important bug and security fixes, and we strongly recommend that all self-managed GitLab installations be upgraded to one of these versions immediately,” GitLab said. “GitLab.com is already running the patched version. GitLab Dedicated customers do not need to take action.”
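For administrators checking an inventory of self-managed instances against the patched releases named above, here is a small version check. It is an added example, not code from the article or from GitLab; the treatment of branches outside 18.6 to 18.8 (newer branches assumed fixed, older ones treated as unpatched) is an assumption of this example.

```python
import re

# Patched releases per minor branch, as listed in the advisory coverage above.
FIXED_VERSIONS = {
    (18, 8): (18, 8, 2),
    (18, 7): (18, 7, 2),
    (18, 6): (18, 6, 4),
}

# Accepts "18.8.1", "18.8.1-ee" or "18.8.1-ce" as reported by the instance.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(ee|ce))?$")


def parse_version(text):
    """Return (major, minor, patch) for a GitLab version string; ValueError if malformed."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(x) for x in m.groups()[:3])


def is_patched(text):
    """True if the version is at or above the fixed release for its branch."""
    major, minor, patch = parse_version(text)
    fixed = FIXED_VERSIONS.get((major, minor))
    if fixed is None:
        # Assumption: a branch newer than 18.8 shipped after the fix; an older
        # branch received no fix and must move to a patched branch.
        return (major, minor) > max(FIXED_VERSIONS)
    return (major, minor, patch) >= fixed


def assess(versions):
    """Map each reported version to 'patched', 'UPGRADE' or 'unparseable'."""
    result = {}
    for v in versions:
        try:
            result[v] = "patched" if is_patched(v) else "UPGRADE"
        except ValueError:
            result[v] = "unparseable"
    return result


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for version, verdict in assess(["18.8.1-ee", "18.7.2", "18.6.3", "18.5.9", "n/a"]).items():
        print(f"{version:12} {verdict}")
```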

Security researchers continue to flag the exposure risk. Internet security monitoring group Shadowserver is tracking nearly 6,000 GitLab CE instances currently exposed online. Separately, search engine Shodan has identified more than 45,000 devices with a GitLab fingerprint.

This is not the first major security update from GitLab in recent months. In June 2025, the company fixed high-severity vulnerabilities related to account takeover and missing authentication checks, again urging customers to update their systems without delay.
