CVE-2021-39935
GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability
CVSS
—
Sin CVSS
EPSS
35.6%
p98
KEV
SÍ
3 feb 2026
Exploit Today
79
0-100
Publicado: — · Última mod.: —
Producto
GitLab / Community and Enterprise Editions
Vulnerabilidad
GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability
Añadido a KEV
3 feb 2026
Remediar antes de
24 feb 2026
Uso conocido en ransomware
No
Descripción resumida
GitLab Community and Enterprise Editions contain a server-side request forgery vulnerability which could allow unauthorized external users to perform Server Side Requests via the CI Lint API.
Acción requerida
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notas
https://about.gitlab.com/releases/2021/12/06/security-release-gitlab-14-5-2-released/ ; https://nvd.nist.gov/vuln/detail/CVE-2021-39935