DevSecOps platform GitLab has patched a high-severity two-factor authentication (2FA) bypass vulnerability affecting both Community Edition (CE) and Enterprise Edition (EE), warning administrators to update self-managed installations without delay.
Tracked as CVE-2026-0723, the flaw stemmed from an unchecked return value issue within GitLab’s authentication services. According to the company, the vulnerability could allow an attacker with prior knowledge of a target user’s account or credential ID to bypass 2FA protections by submitting forged device responses during authentication.
Security experts note that while the exploit requires some level of account-specific information, the impact is significant given GitLab’s widespread deployment across enterprises, development teams and critical infrastructure environments.
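The bug class described above, shown as an added illustration that is not GitLab's code and not the actual CVE-2026-0723 patch: a toy 2FA verifier that computes the device-response check but never acts on its result, beside the corrected version. The HMAC device secret, credential ID and challenge are constructed stand-ins for a real authenticator key and WebAuthn assertion.

```python
# Illustration of an "unchecked return value" flaw in a 2FA step.
# The verifier calls the signature check, discards the result, and
# proceeds on the strength of a known credential ID alone, so a forged
# device response is accepted. The fixed version gates on the result.
import hmac
import hashlib
import secrets

# Constructed registry: credential_id -> device secret (stands in for the
# public key a server would hold for a registered authenticator).
DEVICE_KEYS = {"cred-123": b"device-secret-known-only-to-authenticator"}


def device_sign(secret: bytes, challenge: bytes) -> bytes:
    """What a genuine device does: sign the server's fresh challenge."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


def signature_valid(cred_id: str, challenge: bytes, sig: bytes) -> bool:
    """Server-side check of the device response for this credential."""
    key = DEVICE_KEYS.get(cred_id)
    if key is None:
        return False
    return hmac.compare_digest(device_sign(key, challenge), sig)


def verify_2fa_vulnerable(cred_id: str, challenge: bytes, sig: bytes) -> bool:
    """Bug class: the check runs, but its return value is never consulted."""
    if cred_id not in DEVICE_KEYS:
        return False
    signature_valid(cred_id, challenge, sig)  # result silently discarded
    return True  # second factor treated as satisfied


def verify_2fa_fixed(cred_id: str, challenge: bytes, sig: bytes) -> bool:
    """Fix: the second factor is satisfied only if the check actually passed."""
    if cred_id not in DEVICE_KEYS:
        return False
    return signature_valid(cred_id, challenge, sig)


if __name__ == "__main__":
    challenge = secrets.token_bytes(32)
    forged = b"\x00" * 32  # response from someone who knows only the credential ID
    print("vulnerable accepts forged response:", verify_2fa_vulnerable("cred-123", challenge, forged))
    print("fixed accepts forged response:     ", verify_2fa_fixed("cred-123", challenge, forged))
```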
Alongside the 2FA bypass, GitLab also fixed two additional high-severity vulnerabilities that could enable unauthenticated attackers to trigger denial-of-service (DoS) conditions.
One of the issues, tracked as CVE-2025-13927, could be exploited by sending specially crafted requests containing malformed authentication data, overwhelming the system and disrupting service availability. Another flaw, CVE-2025-13928, involved incorrect authorization validation in certain API endpoints, potentially allowing attackers to crash services through malformed requests.
The company further addressed two medium-severity DoS vulnerabilities. These included a bug that allowed malformed Wiki documents to bypass cycle detection mechanisms (CVE-2025-13335) and another issue that enabled service disruption through repeated malformed SSH authentication requests (CVE-2026-1102).
To mitigate the risks, GitLab has released patched versions 18.8.2, 18.7.2 and 18.6.4 for both CE and EE deployments.
“These versions contain important bug and security fixes, and we strongly recommend that all self-managed GitLab installations be upgraded immediately,” the company said in an advisory. GitLab added that GitLab.com is already running the patched version, and GitLab Dedicated customers do not need to take any action.
The advisory comes amid growing concern over the number of internet-exposed GitLab instances. Internet security monitoring group Shadowserver is currently tracking nearly 6,000 GitLab CE instances accessible online, while Shodan data suggests over 45,000 devices globally carry identifiable GitLab fingerprints.
Cybersecurity analysts warn that publicly exposed developer tools are increasingly being targeted, not only for data theft but also as entry points into enterprise networks, given their access to source code, CI/CD pipelines and cloud credentials.
GitLab’s latest patch cycle follows a series of security incidents over the past year. In June 2025, the company addressed high-severity account takeover and missing authentication flaws, at the time urging customers to urgently upgrade their systems to prevent exploitation.
With over 30 million registered users worldwide and adoption by more than half of Fortune 100 companies, GitLab remains a high-value target for attackers. Major global enterprises across aerospace, telecom, defence and financial services rely on the platform for source code management and software delivery.
Security professionals advise organisations running self-managed GitLab instances to prioritise patch deployment, restrict public exposure where possible, and audit authentication logs for suspicious activity. Enforcing network-level access controls and ensuring proper segmentation of development infrastructure have also been recommended as immediate safeguards.
As threat actors increasingly exploit authentication weaknesses and service disruption bugs, the latest GitLab disclosures underscore the need for continuous patching and vigilant monitoring of critical developer platforms.
About the author – Ayesha Aayat is a law student and contributor covering cybercrime, online frauds, and digital safety concerns. Her writing aims to raise awareness about evolving cyber threats and legal responses.