Cyber Resilience

CVE-2026-0723

High

Published: 22 January 2026

Published
22 January 2026
Modified
26 January 2026
KEV Added
Patch
CVSS Score v3.1 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score 0.0001 1.8th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-0723 is a high-severity Unchecked Return Value (CWE-252) vulnerability in Gitlab Gitlab. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 1.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).

Deeper analysis

CVE-2026-0723 is a vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE) affecting all versions from 18.6 prior to 18.6.4, 18.7 prior to 18.7.2, and 18.8 prior to 18.8.2. The issue allows an attacker with prior knowledge of a victim's credential ID to bypass two-factor authentication (2FA) by submitting forged device responses. It is associated with CWE-252 (Unchecked Return Value) and carries a CVSS v3.1 base score of 7.4 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

An attacker can exploit this vulnerability remotely over the network without requiring user privileges or interaction, though it demands high attack complexity, likely due to the need for precise knowledge of the target's credential ID. Successful exploitation enables bypassing 2FA protections, potentially granting unauthorized access to the victim's GitLab account with high impacts on confidentiality and integrity, such as accessing sensitive repositories or project data.

GitLab has remediated the vulnerability, as detailed in their patch release notes for version 18.8.2 and related advisories. Security practitioners should upgrade affected GitLab CE/EE instances to version 18.6.4, 18.7.2, or 18.8.2 or later. Additional details are available in GitLab issue tracker entry 585333 and the corresponding HackerOne disclosure report 3476052.

EU & UK References

Vulnerability details

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an individual with existing knowledge of a victim's credential ID to bypass two-factor authentication…

more

by submitting forged device responses.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Remote auth bypass in public-facing GitLab web app directly enables T1190; no other techniques are directly facilitated by the described flaw.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-9870Same product: Gitlab Gitlab
CVE-2025-9222Same product: Gitlab Gitlab
CVE-2026-2745Same product: Gitlab Gitlab
CVE-2025-14560Same product: Gitlab Gitlab
CVE-2026-5816Same product: Gitlab Gitlab
CVE-2025-0376Same product: Gitlab Gitlab
CVE-2026-3857Same product: Gitlab Gitlab
CVE-2025-7659Same product: Gitlab Gitlab
CVE-2025-13928Same product: Gitlab Gitlab
CVE-2025-13772Same product: Gitlab Gitlab

Affected Assets

gitlab
gitlab
18.6.0 — 18.6.4 · 18.6.0 — 18.6.4 · 18.7.0 — 18.7.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires cryptographic verification of multi-factor authenticators so that forged device responses cannot satisfy the 2FA check.

prevent

Enforces that access decisions are made only after the complete, correctly validated authentication chain succeeds.

prevent

Mandates validation of all inputs, directly addressing the unchecked return value that allowed forged 2FA device responses.

References