Red Hot Cyber
Cybersecurity, Cybercrime News and Vulnerability Analysis

GitLab Security Update Fixes High-Severity Vulnerabilities, Including CVE-2026-0723

21 January 2026 18:32

GitLab has released an urgent security update for the Community (CE) and Enterprise (EE) editions to address several high-severity vulnerabilities. They expose self-managed installations to denial-of-service (DoS) attacks and to a two-factor authentication bypass. Administrators are strongly advised to update immediately; the fixed versions are 18.8.2, 18.7.2 and 18.6.4.

The update addresses five CVEs, including unauthenticated DoS conditions reachable through the API and a method for bypassing two-factor authentication (2FA). "GitLab has fixed an issue that could have allowed an attacker with a victim's credentials to bypass two-factor authentication by sending spoofed device responses," the advisory explains.

The most alarming vulnerability in the batch is CVE-2026-0723, an "unchecked return value" issue rated high severity (CVSS 7.4). It is dangerous because it undermines the very mechanism meant to protect an account whose password has already been compromised: an attacker who already holds valid credentials can complete the login despite 2FA. Affected versions are all 18.6 releases before 18.6.4, all 18.7 releases before 18.7.2, and all 18.8 releases before 18.8.2.
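The bug class the advisory names, an unchecked return value (CWE-252), is easy to illustrate. The following Ruby is an added example written for this article, not GitLab's code: a simplified second-factor check in which the device is modelled as an HMAC authenticator that signs a server challenge. All names (`verify_device_response`, `login_vulnerable`, `login_fixed`, `DEVICE_KEY`) are hypothetical. The vulnerable variant calls the verifier but discards its boolean, so a spoofed device response completes the login once the password step has passed; the fixed variant denies the login when verification fails.

```ruby
require 'openssl'

# Hypothetical authenticator key, shared only with the legitimate device.
DEVICE_KEY = OpenSSL::Random.random_bytes(32)

# What the real device returns for a challenge: HMAC-SHA256(key, challenge).
def device_sign(challenge, key = DEVICE_KEY)
  OpenSSL::HMAC.digest('SHA256', key, challenge)
end

# Constant-time comparison so a spoofed MAC cannot be guessed byte by byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns true only when the response is a valid MAC over the challenge.
# A spoofed response (wrong key, wrong length, replayed challenge) yields false.
def verify_device_response(challenge, response, key = DEVICE_KEY)
  secure_equal?(device_sign(challenge, key), response)
end

# VULNERABLE (illustrative): the result of verify_device_response is never
# inspected, so any response at all satisfies the second factor. An attacker
# who already has the password therefore logs in with garbage device data.
def login_vulnerable(password_ok, challenge, response)
  return :denied unless password_ok
  verify_device_response(challenge, response) # return value ignored
  :authenticated
end

# FIXED: the boolean is checked and a failed device verification denies login.
def login_fixed(password_ok, challenge, response)
  return :denied unless password_ok
  return :denied unless verify_device_response(challenge, response)
  :authenticated
end

if __FILE__ == $PROGRAM_NAME
  challenge = OpenSSL::Random.random_bytes(16)
  spoofed   = "\x00" * 32                 # constructed: attacker-chosen bytes
  genuine   = device_sign(challenge)      # what the real device would return
  puts "vulnerable, spoofed response: #{login_vulnerable(true, challenge, spoofed)}"
  puts "fixed, spoofed response:      #{login_fixed(true, challenge, spoofed)}"
  puts "fixed, genuine response:      #{login_fixed(true, challenge, genuine)}"
end
```

The lesson generalises beyond 2FA: any verifier whose contract is "returns false on failure" rather than "raises on failure" must have its return value checked at every call site, and a linter or code review rule that flags ignored boolean results from `verify`-style methods catches this class before it ships.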

The update also fixes several other bugs that could allow attackers to crash GitLab instances:

  • Jira Connect (CVE-2025-13927): An unauthenticated user could trigger a denial of service by “sending forged requests with invalid authentication data” to the Jira Connect integration.
  • API Releases (CVE-2025-13928): Improper authorization validation allowed unauthenticated users to cause a denial of service via the Releases API.
  • Wiki Loop (CVE-2025-13335): Authenticated users may create “malformed Wiki documents that bypass loop detection,” causing the system to enter an infinite loop.
  • SSH Requests (CVE-2026-1102): An unauthenticated user could cause a denial of service by spamming “repeated and malformed SSH authentication requests.”

GitLab’s message is clear: “We strongly recommend that you immediately upgrade all self-managed GitLab installations to one of these releases.”

For administrators, the target versions are 18.8.2, 18.7.2, and 18.6.4. Failure to apply patches exposes instances to a variety of malicious attacks and potential account takeovers.
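A quick way to decide whether an instance is on one of those fixed releases is to compare its reported version against the ranges in the advisory. The Ruby below is an added example, not a GitLab tool: `patch_status` is a hypothetical helper that takes the version string an administrator gets from `GET /api/v4/version` (which returns e.g. `{"version":"18.8.2-ee", ...}`) or from `gitlab-rake gitlab:env:info`, strips the edition suffix, and reports whether the series is patched, still vulnerable, or not covered by this advisory at all.

```ruby
# Fixed release per affected series, as stated in the advisory.
FIXED_RELEASES = {
  '18.6' => '18.6.4',
  '18.7' => '18.7.2',
  '18.8' => '18.8.2'
}.freeze

# Returns :patched, :vulnerable, or :not_listed.
# :not_listed means the series has no fixed release in this advisory; for
# anything older than 18.6 GitLab publishes no backport, so the only remedy
# is to upgrade to a current series.
def patch_status(version_string)
  # "18.8.2-ee" / "18.8.2-ce" -> "18.8.2"; Gem::Version would otherwise
  # treat the hyphenated suffix as a pre-release and sort it below 18.8.2.
  numeric = version_string.to_s.strip.split(/[-\s]/).first
  version = Gem::Version.new(numeric)
  series  = version.segments[0, 2].join('.')
  fixed   = FIXED_RELEASES[series]
  return :not_listed unless fixed

  version >= Gem::Version.new(fixed) ? :patched : :vulnerable
end

if __FILE__ == $PROGRAM_NAME
  # Usage: ruby gitlab_patch_check.rb "$(curl -s -H 'PRIVATE-TOKEN: ...' \
  #          https://gitlab.example.com/api/v4/version | jq -r .version)"
  reported = ARGV.first || '18.8.1-ee' # constructed sample when run without args
  puts "#{reported}: #{patch_status(reported)}"
end
```

Because the advisory lists a separate fixed release for each series, the comparison must be done within the series: 18.6.5 would be patched even though it is numerically below 18.7.1, which is not.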


Massimiliano Brolli
Responsible for the RED Team of a large Telecommunications company and 4G/5G cyber security labs. He has held managerial positions ranging from ICT Risk Management to software engineering to teaching in university master's programs.
Areas of Expertise: Bug Hunting, Red Team, Cyber Intelligence & Threat Analysis, Disclosure, Cyber Warfare and Geopolitics, Ethical Hacking