The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical server-side request forgery (SSRF) vulnerability affecting GitLab Community and Enterprise Editions to its Known Exploited Vulnerabilities (KEV) catalog.
The flaw, tracked as CVE-2021-39935, is now confirmed to be under active exploitation in the wild.
Vulnerability Details
The SSRF vulnerability in GitLab’s CI Lint API (the `POST /api/v4/ci/lint` endpoint) allows an unauthenticated remote attacker to make the GitLab server issue requests on their behalf.
Because those requests originate from the GitLab host, an attacker can point them at internal services that are not reachable from the internet, potentially exposing sensitive data or providing a foothold for lateral movement inside the network.
| Field | Details |
|---|---|
| CVE ID | CVE-2021-39935 |
| Vulnerability Type | Server-Side Request Forgery (SSRF) |
| Related CWE | CWE-918 |
| Affected Products | GitLab Community and Enterprise Editions |
Server-side request forgery is dangerous because it bypasses perimeter defenses: the request is made by a trusted internal host, so firewall rules and network segmentation that stop inbound traffic from the internet do not apply.
The vulnerable GitLab instance becomes a proxy for reaching internal systems, cloud instance metadata services (which may hand temporary credentials to anything running on the host), or other resources that are only exposed on the internal network.
Organizations running unpatched versions of either edition face unauthorized access to internal infrastructure, data exfiltration, and potential supply chain compromise if the attacker uses the foothold to tamper with CI/CD pipelines.
CISA has not stated whether CVE-2021-39935 is being used in ransomware campaigns, but an unauthenticated SSRF in an internet-facing source-code platform is an attractive entry point for initial access brokers and advanced persistent threat groups seeking a foothold in enterprise environments.
CISA has issued a strict remediation timeline for federal agencies under Binding Operational Directive 22-01.
Federal Civilian Executive Branch (FCEB) agencies must apply vendor-provided patches or implement mitigations by February 24, 2026.
The KEV catalog’s standard required action is to apply vendor mitigations, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. For this CVE, fixed versions have been available since GitLab patched the flaw in 2021, so the practical action is to upgrade.
Administrators should upgrade to a patched release immediately, limit which networks can reach the CI Lint endpoint, and, where possible, restrict the GitLab server’s outbound connections so that it cannot reach internal address ranges or cloud metadata endpoints it has no reason to contact.
Organizations using cloud-hosted GitLab services should follow the applicable BOD 22-01 guidance for cloud services.
Security teams should also audit GitLab’s API logs for indicators of compromise, including POST requests to /api/v4/ci/lint from unauthenticated or unexpected sources, and review network telemetry for connections originating from the GitLab server to cloud metadata addresses (169.254.169.254) or internal hosts it does not normally talk to.
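One way to run that audit, as an added example that is not part of the original article and not GitLab’s own tooling: the script below scans a constructed sample of GitLab’s api_json.log (field names loosely follow the real log; every value is invented) for CI Lint calls from unauthenticated or untrusted sources, scans constructed egress records from the GitLab host for connections to link-local or private destinations, and correlates the two within a short time window. The trusted network range, the allow-listed DNS resolver address, the GitLab host address and the egress record format are assumptions made for this example.

```python
"""Hunt for CI Lint API abuse in GitLab logs. Added example with constructed data."""
import ipaddress
import json
from datetime import datetime, timedelta

# Constructed sample of GitLab's api_json.log (one JSON object per line).
# Field names loosely follow the real log; every value here is invented.
API_LOG = """\
{"time":"2026-02-05T09:14:02.110Z","method":"GET","path":"/api/v4/projects","status":200,"remote_ip":"10.20.0.15","username":"alice"}
{"time":"2026-02-05T09:14:05.402Z","method":"POST","path":"/api/v4/ci/lint","status":200,"remote_ip":"10.20.0.15","username":"alice"}
{"time":"2026-02-05T09:15:11.733Z","method":"POST","path":"/api/v4/ci/lint","status":200,"remote_ip":"203.0.113.77","username":null}
{"time":"2026-02-05T09:15:12.014Z","method":"POST","path":"/api/v4/ci/lint","status":200,"remote_ip":"203.0.113.77","username":null}
{"time":"2026-02-05T09:16:40.900Z","method":"GET","path":"/api/v4/user","status":401,"remote_ip":"198.51.100.9","username":null}
"""

# Constructed egress records for the GitLab host (assumed to be 10.20.0.40), in the
# shape a flow exporter or conntrack dump might produce: "<timestamp> <src> <dst> <dport>".
EGRESS_LOG = """\
2026-02-05T09:14:06Z 10.20.0.40 140.82.112.3 443
2026-02-05T09:15:12Z 10.20.0.40 169.254.169.254 80
2026-02-05T09:15:13Z 10.20.0.40 10.20.5.12 8080
2026-02-05T09:30:00Z 10.20.0.40 10.20.0.53 53
"""


def parse_time(stamp: str) -> datetime:
    """Parse an ISO-8601 UTC timestamp with a trailing Z into an aware datetime."""
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def is_internal(ip: str) -> bool:
    """True for private, loopback and link-local addresses (cloud metadata lives at 169.254.169.254)."""
    addr = ipaddress.ip_address(ip)
    return addr.is_private or addr.is_loopback or addr.is_link_local


def ci_lint_requests(log_text: str, trusted_nets=()) -> list:
    """CI Lint calls (global or project-scoped endpoint, both end in /ci/lint)
    that are unauthenticated or come from outside the trusted networks."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        entry = json.loads(line)
        if not entry["path"].endswith("/ci/lint"):
            continue
        src = ipaddress.ip_address(entry["remote_ip"])
        trusted = any(src in net for net in nets)
        if entry.get("username") is None or not trusted:
            hits.append(entry)
    return hits


def suspicious_egress(egress_text: str, allowed_internal=()) -> list:
    """Connections from the GitLab host to internal destinations not on the allowlist."""
    allowed = {ipaddress.ip_address(a) for a in allowed_internal}
    hits = []
    for line in egress_text.splitlines():
        if not line.strip():
            continue
        stamp, _src, dst, port = line.split()
        if is_internal(dst) and ipaddress.ip_address(dst) not in allowed:
            hits.append({"time": stamp, "dst": dst, "port": int(port)})
    return hits


def correlate(lint_hits: list, egress_hits: list, window_s: int = 10) -> list:
    """Pair each suspicious egress with the first flagged CI Lint call that preceded
    it by at most window_s seconds: a lint call immediately followed by the server
    reaching into the metadata service or an internal host is a strong SSRF signal."""
    pairs = []
    for egress in egress_hits:
        t_egress = parse_time(egress["time"])
        for req in lint_hits:
            delta = t_egress - parse_time(req["time"])
            if timedelta(0) <= delta <= timedelta(seconds=window_s):
                pairs.append((req["remote_ip"], req["time"], egress["dst"], egress["port"]))
                break
    return pairs


def hunt(api_log: str = API_LOG, egress_log: str = EGRESS_LOG) -> dict:
    """Run the full hunt. The trusted network and the allow-listed resolver are assumptions."""
    lint = ci_lint_requests(api_log, trusted_nets=["10.20.0.0/16"])
    egress = suspicious_egress(egress_log, allowed_internal=["10.20.0.53"])
    return {"lint": lint, "egress": egress, "correlated": correlate(lint, egress)}


if __name__ == "__main__":
    for src, when, dst, port in hunt()["correlated"]:
        print(f"{when}: CI Lint call from {src} followed by egress to {dst}:{port}")
```

On the sample data the hunt flags the two unauthenticated lint calls from 203.0.113.77 and pairs them with the outbound connections to 169.254.169.254 and 10.20.5.12 that follow within seconds. The egress side is the higher-fidelity signal: a request that reaches the metadata service shows up as an outbound connection from the GitLab host whether or not the lint call itself was logged, so tune the allowlist to the hosts GitLab legitimately talks to (resolvers, object storage, runners) and alert on anything else.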
