GitLab and Gitea Flaws Prompt Advisories Over Multiple Security Risks
German authorities issued multiple security advisories for GitLab and Gitea, warning of newly tracked vulnerabilities that affect widely used source code management and DevOps platforms. Two separate dCERT notices flagged multiple vulnerabilities in GitLab, indicating more than one security issue requiring administrator attention across the platform.
A separate dCERT advisory warned that Gitea contains a vulnerability that can bypass security measures, raising concern that protections intended to restrict access or enforce policy may be circumvented. While the advisories did not publish technical synopses in the referenced notices, the alerts indicate that organizations using GitLab or Gitea should review vendor guidance, identify affected deployments, and prioritize patching or other mitigations.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
dCERT publishes GitLab multiple vulnerabilities advisory 2026-1221
dCERT issued advisory 2026-1221 concerning multiple vulnerabilities in GitLab. The reference content does not specify whether this is a new set of flaws or an update to earlier reporting.
dCERT publishes Gitea security bypass advisory 2026-1216
dCERT issued advisory 2026-1216 for a Gitea vulnerability that allows bypassing security measures. The reference does not include additional technical or impact details.
dCERT publishes GitLab multiple vulnerabilities advisory 2026-0833
dCERT issued advisory 2026-0833 concerning multiple vulnerabilities affecting GitLab. No further technical details are provided in the reference content.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
dCERT - Advisory 2026-1221 - GitLab: Multiple Vulnerabilities
dcert.de
Open sourcedCERT - Advisory 2026-1216 - Gitea: Vulnerability allows bypassing security measures
dcert.de
Open sourcedCERT - Advisory 2026-0833 - GitLab: Multiple Vulnerabilities
dcert.de
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
GitLab Patches High-Severity 2FA Bypass and DoS Vulnerabilities in CE/EE
GitLab released security updates for self-managed **GitLab Community Edition (CE)** and **Enterprise Edition (EE)** to fix a high-severity **two-factor authentication (2FA) bypass** and multiple **denial-of-service (DoS)** flaws. The most significant issue, **CVE-2026-0723** (CVSS 7.4), is an *unchecked return value* weakness in authentication services that could allow an attacker with knowledge of a victim’s credential/account ID to bypass 2FA by submitting forged device responses. GitLab also patched DoS vulnerabilities affecting unauthenticated and authenticated scenarios, including crafted malformed authentication data against the **Jira Connect** integration (**CVE-2025-13927**), incorrect authorization validation in API endpoints such as the **Releases API** (**CVE-2025-13928**), malformed Wiki documents that bypass cycle detection (**CVE-2025-13335**), and repeated malformed SSH authentication requests (**CVE-2026-1102**). Fixed releases are **18.8.2**, **18.7.2**, and **18.6.4**; GitLab advised administrators to upgrade immediately, noting *GitLab.com* is already patched, while third-party tracking indicated thousands of exposed GitLab CE instances remain online and potentially at risk if unpatched.
Mar 21, 2026
GitLab patches 11 flaws including account takeover and XSS in CE and EE
GitLab released **19.0.2**, **18.11.5**, and **18.10.8** for self-managed Community Edition and Enterprise Edition deployments to fix **11 security vulnerabilities** and additional bugs, and urged administrators to upgrade immediately. The advisory says all versions before those releases are affected, while **GitLab.com** has already been patched and **GitLab Dedicated** customers do not need to take action. GitLab also warned that the update includes database migrations that may cause downtime on single-node instances, though multi-node environments can use zero-downtime upgrade procedures. The most severe issue, **`CVE-2026-6552`** (**CVSS 8.7**), is an improper authorization flaw in GitLab EE's Group SAML identity management that could let an authenticated **group Owner** take over another group member's account under certain conditions. GitLab also fixed **`CVE-2026-10087`**, an Analytics Dashboard cross-site scripting flaw in GitLab EE that could allow an authenticated **developer** to execute arbitrary client-side code in a victim's browser. The broader patch set addresses additional risks including denial of service in Grape API JSON parsing, SSRF, unauthorized access to confidential data, and other authorization bypasses, and government and vendor advisories have called on organizations to apply the patched versions.
Jun 11, 2026
Critical Unauthenticated Remote Code Execution Flaws Disclosed in GitLab and Apache Commons Text
Authorities warned of **critical vulnerabilities** in **GitLab Community Edition and Enterprise Edition** and the **Apache Commons Text** component that could be exploited remotely over a network. In both cases, the flaws were described as reachable **without physical access**, requiring **no user interaction** and **no prior authentication**, making internet-exposed systems particularly at risk. The advisories indicate that attackers could target the vulnerable software directly rather than relying on phishing or stolen credentials, raising the likelihood of rapid opportunistic exploitation. Organizations using affected GitLab deployments or applications that include Apache Commons Text were urged to identify exposed assets quickly and prioritize remediation because the weaknesses could enable severe compromise through unauthenticated remote attacks.
May 12, 2026