VYPR
Unrated severityOSV Advisory· Published Jan 22, 2026· Updated Feb 26, 2026

Unchecked Return Value in GitLab

CVE-2026-0723

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an individual with existing knowledge of a victim's credential ID to bypass two-factor authentication by submitting forged device responses.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • GitLab Inc./GitLabOSV2 versions
    v18.6.0-ee, v18.7.0-ee, v18.8.0-ee, …+ 1 more
    • (no CPE)range: v18.6.0-ee, v18.7.0-ee, v18.8.0-ee, …
    • (no CPE)range: >=18.6 <18.6.4, >=18.7 <18.7.2, >=18.8 <18.8.2
  • osv-coords
    Range: >= 18.6.0, < 18.6.4

Patches

Vulnerability mechanics

References

3

News mentions

1