Listen to this Post

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning to government agencies to patch a critical GitLab vulnerability that has been exploited in active cyberattacks. This flaw, identified as CVE-2021-39935, was first patched by GitLab in December 2021 but remains a pressing threat due to ongoing exploitation. Experts emphasize that both public and private organizations must act swiftly to secure systems, as attackers continue to target exposed GitLab servers worldwide.
GitLab Vulnerability: A Summary
GitLab, a widely used DevSecOps platform with over 30 million users and adoption by more than half of the Fortune 100 companies, patched a server-side request forgery (SSRF) flaw in December 2021. This vulnerability allowed unauthenticated attackers to access the CI Lint API, which validates CI/CD pipelines, even without developer privileges. Specifically, GitLab stated:
“When user registration is limited, external users that aren’t developers shouldn’t have access to the CI Lint API.”
Affected versions include:
10.5 up to 14.3.6
14.4 up to 14.4.4
14.5 up to 14.5.2
The SSRF flaw enabled attackers to manipulate server requests, a common method for breaching systems and exfiltrating sensitive information. Despite being patched years ago, the vulnerability continues to be actively exploited in the wild.
On February 2, 2026, CISA added CVE-2021-39935 to its list of vulnerabilities exploited in the wild and issued a binding directive (BOD 22-01) requiring all Federal Civilian Executive Branch (FCEB) agencies to patch affected systems by February 24, 2026. While the directive specifically applies to federal agencies, CISA strongly urges private sector organizations to prioritize securing GitLab servers.
Shodan, the internet-connected device search engine, reports over 49,000 devices with GitLab fingerprints exposed online, most of which are in China, with nearly 27,000 using default port 443. The potential attack surface remains significant given GitLab’s widespread use among top-tier enterprises including Nvidia, Airbus, Goldman Sachs, T-Mobile, and Lockheed Martin.
In related alerts, CISA also flagged a critical SolarWinds Web Help Desk vulnerability as being actively exploited, requiring federal agencies to patch within just three days, highlighting the persistent risk to IT infrastructure from legacy flaws.
What Undercode Say:
The ongoing exploitation of CVE-2021-39935 highlights a critical gap between vulnerability disclosure and real-world patch implementation. Although GitLab released a patch in December 2021, the fact that attackers are still targeting this flaw underscores the risks of delayed patch management, particularly in enterprise and federal environments. Many organizations struggle with updating critical DevOps tools like GitLab due to operational dependencies, but leaving these vulnerabilities unpatched creates significant exposure to malicious actors.
Server-side request forgery attacks, especially on widely used APIs like CI Lint, can lead to unauthorized internal access, sensitive data exfiltration, and supply chain compromise. With more than 49,000 exposed GitLab instances online, including high-value targets in both the U.S. and China, the threat landscape is substantial. Companies that delay mitigation not only risk internal breaches but also jeopardize their partnerships and client trust.
Furthermore, the trend demonstrates a broader cybersecurity challenge: long-standing vulnerabilities are increasingly weaponized years after disclosure, particularly when the platform is used in mission-critical DevSecOps pipelines. Federal directives like BOD 22-01 aim to enforce compliance, but private companies remain vulnerable without proactive risk management.
For organizations leveraging GitLab, immediate mitigation strategies include:
Patching affected versions to the latest release.
Limiting access to the CI Lint API for external users.
Monitoring exposed endpoints using services like Shodan.
Considering temporary suspension of vulnerable services if patches cannot be applied immediately.
The broader lesson is that legacy vulnerabilities are a persistent threat, and organizations must embed patch management and proactive security monitoring into operational workflows, rather than treating security as an afterthought.
Fact Checker Results:
✅ GitLab CVE-2021-39935 was patched in December 2021.
✅ CISA has added it to the actively exploited vulnerabilities list and issued BOD 22-01.
✅ Shodan tracks over 49,000 exposed GitLab devices online.
Prediction:
Given the scale of exposure and delayed patch adoption, it is likely that CVE-2021-39935 will continue to be exploited for targeted attacks against both government and high-profile private sector organizations in 2026. Companies that delay mitigation may face ransomware attacks, intellectual property theft, or supply chain compromise. Swift patching and strict API access controls could reduce this risk significantly. ⚠️💻🔒
If you want, I can also create a visual map showing exposed GitLab servers worldwide to complement this article and make it more engaging.
🕵️📝✔️Let’s dive deep and fact‑check.
References:
Reported By: www.bleepingcomputer.com
Extra Source Hub (Possible Sources for article):
https://www.reddit.com
Wikipedia
OpenAi & Undercode AI
Image Source:
Unsplash
Undercode AI DI v2
Bing
🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]
📢 Follow UndercodeNews & Stay Tuned:
𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky | 🐘Mastodon




