CVE-2026-0723

Summary

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an individual with existing knowledge of a victim's credential ID to bypass two-factor authentication by submitting forged device responses.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab18.6 < 18.6.4affected
GitLabGitLab18.7 < 18.7.2affected
GitLabGitLab18.8 < 18.8.2affected

Weaknesses

  • CWE-252: CWE-252: Unchecked Return Value

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References