GitHub, GitLab Abused for Malware and Phishing Campaigns

Hackers are increasingly abusing trusted software development platforms GitHub and GitLab to host malware and credential phishing campaigns, making defensive detection significantly harder for enterprises. Because these Git-based platforms are deeply integrated into development and business workflows, organizations cannot simply block them at the network edge, giving threat actors a powerful, trusted delivery channel. GitHub […]

The post GitHub, GitLab Abused for Malware and Phishing Campaigns appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

GitLab Patches Multiple Vulnerabilities That Enable DoS and Code Injection Attacks

GitLab has released urgent security updates (versions 18.10.3, 18.9.5, and 18.8.9) for its Community Edition (CE) and Enterprise Edition (EE) to address high-severity flaws that enable Denial-of-Service (DoS) and code-injection attacks.

GitLab strongly advises all administrators of self-managed systems to upgrade immediately to protect their instances.

High-Severity Vulnerabilities

The latest security release resolves three high-severity bugs that pose significant risks to GitLab environments:

  • CVE-2026-5173 (CVSS 8.5): An authenticated attacker could execute unintended server-side commands through WebSocket connections due to improper access controls.
  • CVE-2026-1092 (CVSS 7.5): An unauthenticated user could trigger a Denial of Service attack by submitting improperly validated JSON data to the Terraform state lock API.
  • CVE-2025-12664 (CVSS 7.5): Attackers without an account could cause a DoS condition by overwhelming the server with repeated GraphQL queries.

Alongside the severe issues, GitLab addressed several medium-level vulnerabilities that could compromise user safety and system stability:

  • CVE-2026-1516 (CVSS 5.7): An authenticated user could inject malicious code into Code Quality reports, secretly leaking the IP addresses of other users who view the report.
  • CVE-2026-1403 (CVSS 6.5): Weak validation of CSV files could allow authenticated users to crash background Sidekiq workers during file import.
  • CVE-2026-4332 (CVSS 5.4): Poor input filtering in analytics dashboards could allow attackers to execute harmful JavaScript code in the browsers of other users.
  • CVE-2026-1101 (CVSS 6.5): Bad input validation in GraphQL queries could allow an authenticated user to cause a DoS of the entire GitLab instance.

Additional Security Patches

The update also includes several lower-severity patches that resolve data leaks and broken access controls:

  • CVE-2026-2619 (CVSS 4.3): Incorrect authorization allowed authenticated users with auditor privileges to modify vulnerability flag data in private projects.
  • CVE-2025-9484 (CVSS 4.3): An information disclosure bug allowed authenticated users to view other users’ email addresses through specific GraphQL queries.
  • CVE-2026-1752 (CVSS 4.3): Improper access controls allowed developers to modify protected environment settings.
  • CVE-2026-2104 (CVSS 4.3): Insufficient authorization checks in CSV exports allowed users to access confidential issues assigned to others.
  • CVE-2026-4916 (CVSS 2.7): A missing authorization check allowed users with custom roles to demote or remove higher-privileged group members.

GitLab emphasizes that all self-managed installations must be upgraded to versions 18.10.3, 18.9.5, or 18.8.9 as soon as possible.

Because these updates do not require complex database changes, multi-node deployments can be upgraded without any system downtime.

Users hosted on GitLab.com or using GitLab Dedicated are already protected, as the company has applied the patches to its cloud infrastructure.

The post GitLab Patches Multiple Vulnerabilities That Enable DoS and Code Injection Attacks appeared first on Cyber Security News.

U.S. CISA adds Dell RecoverPoint and GitLab flaws to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Dell RecoverPoint and GitLab flaws to its Known Exploited Vulnerabilities (KEV) catalog.

Below are the flaws added to the catalog:

  • CVE-2021-22175 (CVSS score 6.8) GitLab Server-Side Request Forgery (SSRF) Vulnerability
  • CVE-2026-22769 Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability

The first vulnerability added to the catalog is a server-side request forgery (SSRF) issue in GitLab, tracked as CVE-2021-22175.

“When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled” reads the advisory.

In March 2025, threat intelligence firm GreyNoise observed Grafana path traversal exploitation attempts before the Server-Side Request Forgery (SSRF) surge on March 9, suggesting that attackers may be leveraging Grafana as an initial entry point for deeper exploitation. One of the vulnerabilities exploited in the attacks observed by the experts is CVE-2020-7796. Most SSRF exploitation attempts targeted entities in the United States, Germany, Singapore, India, Lithuania, Japan, and Israel.

The experts warned that attackers leverage SSRF for pivoting, reconnaissance, and cloud exploitation.

The second flaw added to the KEV catalog is a Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability tracked as CVE-2026-22769. The vulnerability involves hardcoded credentials and was abused to gain access to VMware backup systems.

This week, Mandiant and Google’s Threat Intelligence Group (GTIG) reported that a suspected China-linked APT group quietly exploited a critical zero-day flaw in Dell RecoverPoint for Virtual Machines starting in mid-2024.

“Mandiant and Google Threat Intelligence Group (GTIG) have identified the zero-day exploitation of a high-risk vulnerability in Dell RecoverPoint for Virtual Machines, tracked as CVE-2026-22769, with a CVSSv3.1 score of 10.0.” reads the report published by Google. “Analysis of incident response engagements revealed that UNC6201, a suspected PRC-nexus threat cluster, has exploited this flaw since at least mid-2024 to move laterally, maintain persistent access, and deploy malware including SLAYSTYLE, BRICKSTORM, and a novel backdoor tracked as GRIMBOLT.”

The China-nexus group exploited the bug to move laterally, maintain persistence, and deploy malware such as SLAYSTYLE, BRICKSTORM, and a new C# backdoor, GRIMBOLT. Researchers observed advanced tactics, including stealthy VMware pivoting via “Ghost NICs” and Single Packet Authorization with iptables. Dell has released patches and mitigation guidance.

During investigations into compromised Dell RecoverPoint appliances, Mandiant researchers discovered that attackers replaced BRICKSTORM with a new C# backdoor, GRIMBOLT, in September 2025. GRIMBOLT is compiled using Native AOT and packed with UPX. The malware provides remote shell access and reuses BRICKSTORM’s command-and-control channels.

The attackers ensured persistence by modifying a legitimate startup script so the backdoor runs automatically at boot.

While investigating compromised Dell RecoverPoint systems, Mandiant uncovered CVE-2026-22769 after spotting Tomcat Manager access using hardcoded admin credentials. Attackers uploaded a malicious WAR file containing the SLAYSTYLE web shell, gaining root command execution as early as mid-2024. The group also expanded into VMware environments, creating “Ghost NICs” for stealthy lateral movement and using iptables-based Single Packet Authorization to covertly redirect and control traffic on vCenter appliances.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA urges federal agencies to fix the Dell RecoverPoint flaw by the end of this week, on February 21, while ordering the agencies to address the GitLab issue by March 11, 2026.

Pierluigi Paganini

(SecurityAffairs – hacking, CISA)