The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about a GitLab vulnerability that was disclosed and patched in 2021 and is now being exploited in attacks. The warning underscores a problem many organizations overlook: systems left exposed to threats that have been public, and fixable, for years.
The flaw, tracked as CVE-2021-39935, is a server-side request forgery (SSRF) bug in GitLab's CI Lint API. GitLab fixed it in December 2021, explaining that unauthorized external users could reach the CI Lint API and use it to make the GitLab server issue requests on their behalf. The CI Lint API lets users validate Continuous Integration/Continuous Deployment (CI/CD) pipeline configurations and simulate pipelines before running them. An SSRF here matters because the requests originate from the GitLab host itself, so they can reach internal services and network locations that are not otherwise exposed to the attacker.
GitLab's advisory at the time stressed that when user registration is restricted, external users without a developer role should not be able to reach this API at all. The advisory reads: "An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, and all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API."
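The three version ranges in the advisory are the only thing an administrator needs to decide whether a self-managed instance is affected. The script below, added here as an illustration and not GitLab's own tooling, encodes those ranges and checks a version string against them. It assumes the version string comes from the authenticated `GET /api/v4/version` endpoint, whose JSON body has the form `{"version": "14.5.1-ee", "revision": "..."}`; the sample bodies at the bottom are constructed for the example, not captured from real instances.

```python
"""Check whether a GitLab version falls in the ranges affected by CVE-2021-39935.

Ranges come from the GitLab advisory quoted above:
  10.5 <= v < 14.3.6, 14.4 <= v < 14.4.4, 14.5 <= v < 14.5.2
"""
import json
import re
from typing import Tuple

Version = Tuple[int, int, int]

# (inclusive lower bound, exclusive upper bound), straight from the advisory text.
AFFECTED_RANGES = [
    ((10, 5, 0), (14, 3, 6)),
    ((14, 4, 0), (14, 4, 4)),
    ((14, 5, 0), (14, 5, 2)),
]

# Accepts "14.5.1", "14.5.1-ee", "v14.5.1"; the patch component is optional.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Version:
    """Turn a GitLab version string such as "14.5.1-ee" into (14, 5, 1)."""
    m = _VERSION_RE.match(text.strip().lstrip("v"))
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(major), int(minor), int(patch))


def is_affected(text: str) -> bool:
    """True if the version lies inside any of the advisory's affected ranges."""
    v = parse_version(text)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def check_version_response(body: str) -> dict:
    """Evaluate the JSON body returned by GET /api/v4/version (needs a token)."""
    data = json.loads(body)
    version = data["version"]
    return {"version": version, "affected": is_affected(version)}


if __name__ == "__main__":
    # Constructed sample responses for illustration only.
    samples = [
        '{"version":"14.5.1-ee","revision":"abc123"}',   # last vulnerable 14.5.x
        '{"version":"14.5.2","revision":"def456"}',      # first fixed 14.5.x
        '{"version":"13.12.15","revision":"0123456"}',   # old, inside first range
    ]
    for body in samples:
        print(check_version_response(body))
```

The check is a triage aid, not a substitute for patching: an instance on an affected version should be upgraded to 14.3.6, 14.4.4 or 14.5.2 at minimum (in practice a current supported release), and a fixed version number says nothing about whether the host was already reached while it was vulnerable.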
CISA has now added the flaw to its Known Exploited Vulnerabilities catalog and, under Binding Operational Directive (BOD) 22-01, ordered Federal Civilian Executive Branch agencies to patch within three weeks, by February 24, 2026. BOD 22-01 binds only federal agencies, but CISA strongly recommends that all organizations, private sector included, prioritize remediating CVE-2021-39935 in light of the ongoing attacks.
CISA's notice repeats its standard KEV guidance: vulnerabilities of this kind are frequent attack vectors for malicious cyber actors and pose significant risks to government and enterprise infrastructure. Organizations are urged to apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if no mitigation is available. For this flaw the vendor instruction is straightforward: upgrade to 14.3.6, 14.4.4, 14.5.2 or a later release.
Shodan, a search engine for internet-connected devices, currently lists over 49,000 hosts with a GitLab fingerprint, the majority of them in China; nearly 27,000 are serving on port 443, the default HTTPS port, meaning they are directly reachable from the internet. A fingerprint match shows only that an instance is exposed, not that it is unpatched, so the figure is an upper bound on the reachable population rather than a count of vulnerable servers, and it omits self-managed instances that are not internet-facing.
GitLab says its DevSecOps platform has more than 30 million registered users and is used by over half of the Fortune 100, including Nvidia, Airbus, Goldman Sachs, T-Mobile, and Lockheed Martin.
In the same update CISA also flagged a critical flaw in SolarWinds Web Help Desk as actively exploited, giving agencies just three days to patch it.
A four-year-old fix still missing from internet-facing hosts is a reminder that modern infrastructure changes faster than manual patch workflows can track. Organizations need to automate version inventory, patch rollout and response, and remove the hidden delays in those workflows, using the tools they already have.
So, how prepared is your organization against vulnerabilities like this one? Are you taking the necessary steps to keep your systems patched? Share your thoughts in the comments below!