Unrated severityCISA KEVNVD Advisory· Published Dec 13, 2021· Updated Feb 3, 2026

CVE-2021-39935

Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API

Affected products

GitLab Inc./GitLabv5
Range: >=10.5, <14.3.6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39935.jsonmitrex_refsource_CONFIRM
gitlab.com/gitlab-org/gitlab/-/issues/346187mitrex_refsource_MISC
hackerone.com/reports/1236965mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.047
exploit	0.000
kev	0.120
patch	0.000
ransomware	0.000