CVE-2026-0723

High

Published: 22 January 2026

Published

22 January 2026

Modified

26 January 2026

KEV Added

—

Patch

—

CVSS Score 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS Score 0.0001 1.5th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-0723 is a high-severity Unchecked Return Value (CWE-252) vulnerability in Gitlab Gitlab. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 1.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190).

Threat & Defense Details

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Remote auth bypass in public-facing GitLab web app directly enables T1190; no other techniques are directly facilitated by the described flaw.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an individual with existing knowledge of a victim's credential ID to bypass two-factor authentication…

by submitting forged device responses.

Deeper analysisAI

CVE-2026-0723 is a vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE) affecting all versions from 18.6 prior to 18.6.4, 18.7 prior to 18.7.2, and 18.8 prior to 18.8.2. The issue allows an attacker with prior knowledge of a victim's credential ID to bypass two-factor authentication (2FA) by submitting forged device responses. It is associated with CWE-252 (Unchecked Return Value) and carries a CVSS v3.1 base score of 7.4 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

An attacker can exploit this vulnerability remotely over the network without requiring user privileges or interaction, though it demands high attack complexity, likely due to the need for precise knowledge of the target's credential ID. Successful exploitation enables bypassing 2FA protections, potentially granting unauthorized access to the victim's GitLab account with high impacts on confidentiality and integrity, such as accessing sensitive repositories or project data.

GitLab has remediated the vulnerability, as detailed in their patch release notes for version 18.8.2 and related advisories. Security practitioners should upgrade affected GitLab CE/EE instances to version 18.6.4, 18.7.2, or 18.8.2 or later. Additional details are available in GitLab issue tracker entry 585333 and the corresponding HackerOne disclosure report 3476052.

Details

CWE(s): CWE-252

Affected Products

gitlab

18.6.0 — 18.6.4 · 18.6.0 — 18.6.4 · 18.7.0 — 18.7.2

CVEs Like This One

CVE-2024-9870Same product: Gitlab Gitlab

CVE-2025-9222Same product: Gitlab Gitlab

CVE-2026-5173Same product: Gitlab Gitlab

CVE-2025-6948Same product: Gitlab Gitlab

CVE-2024-7102Same product: Gitlab Gitlab

CVE-2025-7659Same product: Gitlab Gitlab

CVE-2026-1092Same product: Gitlab Gitlab

CVE-2026-5816Same product: Gitlab Gitlab

CVE-2026-2745Same product: Gitlab Gitlab

CVE-2025-13927Same product: Gitlab Gitlab

References

https://about.gitlab.com/releases/2026/01/21/patch-release-gitlab-18-8-2-released/
Release Notes, Vendor Advisory · cve@gitlab.com
https://gitlab.com/gitlab-org/gitlab/-/issues/585333
Broken Link · cve@gitlab.com
https://hackerone.com/reports/3476052
Permissions Required · cve@gitlab.com