GitLab has issued security patches for multiple high-severity vulnerabilities, including a critical two-factor authentication bypass and flaws allowing denial-of-service attacks. The platform's widespread use by Fortune 100 companies highlights the importance of immediate updates to mitigate risks. #GitLab #CVE-2026-0723 #DevSecOps
Key points
- GitLab patched a critical two-factor authentication bypass vulnerability (CVE-2026-0723).
- Attackers with knowledge of a user's credential ID could forge device responses to bypass 2FA.
- Additional high-severity flaws could enable DoS attacks through crafted requests and API exploits.
- Versions 18.8.2, 18.7.2, and 18.6.4 are released to fix these security issues.
- Over 6,000 GitLab CE instances are exposed online, underscoring the need for prompt upgrades.
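The practical follow-up to these key points is an inventory check: which of your instances are still below the fixed release for their line? The script below is an added example, not GitLab's own tooling; the only facts it takes from the page are the three fixed versions (18.8.2, 18.7.2, 18.6.4). It treats any release line older than 18.6 as unpatched, and assumes (this is an assumption, not something the page states) that lines newer than 18.8 carry the fix. The inventory of hostnames and version strings is constructed sample input; in practice you would populate it from each instance's `/api/v4/version` endpoint.

```python
"""Triage GitLab instances against the fixed releases named in the advisory.

Added example: the version table comes from the advisory (18.8.2, 18.7.2,
18.6.4); the comparison logic and the sample inventory are constructed here.
"""
import re
from typing import Dict, List, Tuple

# Fixed releases from the advisory, keyed by (major, minor) release line.
PATCHED: Dict[Tuple[int, int], Tuple[int, int, int]] = {
    (18, 8): (18, 8, 2),
    (18, 7): (18, 7, 2),
    (18, 6): (18, 6, 4),
}

OLDEST_FIXED_LINE = min(PATCHED)   # (18, 6): anything below this is unpatched
NEWEST_FIXED_LINE = max(PATCHED)   # (18, 8): later lines assumed fixed (assumption)


def parse_version(version: str) -> Tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH', tolerating the '-ee' / '-ce' edition suffix
    that GitLab's version endpoint appends. Raises ValueError on junk input
    so a malformed inventory entry is reported rather than silently skipped."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-(?:ee|ce))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def needs_upgrade(version: str) -> bool:
    """True if the instance is below the fixed release for its line.

    - 18.6.x / 18.7.x / 18.8.x: compare against the advisory's fixed version.
    - older than 18.6: no fixed release exists for that line, so unpatched.
    - newer than 18.8: assumed to include the fix (assumption, not page content).
    """
    major, minor, patch = parse_version(version)
    line = (major, minor)
    if line in PATCHED:
        return (major, minor, patch) < PATCHED[line]
    if line < OLDEST_FIXED_LINE:
        return True
    return False


def triage(inventory: Dict[str, str]) -> List[str]:
    """Return the hostnames whose reported version still needs the upgrade,
    sorted so the output is stable for ticketing or diffing between runs."""
    return sorted(host for host, ver in inventory.items() if needs_upgrade(ver))


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "git-prod.example.internal": "18.8.1-ee",   # one patch behind on 18.8
    "git-staging.example.internal": "18.8.2-ee",
    "git-legacy.example.internal": "18.5.3-ce",  # line older than any fix
    "git-team-a.example.internal": "18.6.4-ce",
    "git-team-b.example.internal": "18.7.1-ee",
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"UPGRADE NEEDED: {host} ({SAMPLE_INVENTORY[host]})")
```

Running it prints the three sample hosts that sit below their line's fixed release; the two on 18.8.2 and 18.6.4 are left alone. Swapping `SAMPLE_INVENTORY` for a real mapping built from each instance's version endpoint turns this into a repeatable check that can run after every GitLab advisory by updating the `PATCHED` table.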