VYPR
Unrated severityNVD Advisory· Published Dec 11, 2025· Updated Feb 26, 2026

Authentication Bypass Using an Alternate Path or Channel in GitLab

CVE-2025-11984

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to bypass WebAuthn two-factor authentication by manipulating the session state under certain conditions.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

26

Patches

Vulnerability mechanics

References

3

News mentions

1