CVE-2026-0723 - Vulnerability Details - OpenCVE

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an individual with existing knowledge of a victim's credential ID to bypass two-factor authentication by submitting forged device responses.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Gitlab	Gitlab

No data.

No data.

No data.

References

Link	Providers
https://about.gitlab.com/releases/2026/01/21/patch-release-gitlab-18-8-2-released/
https://gitlab.com/gitlab-org/gitlab/-/issues/585333
https://hackerone.com/reports/3476052

History

Thu, 22 Jan 2026 13:45:00 +0000

Type	Values Removed	Values Added
Description		GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an individual with existing knowledge of a victim's credential ID to bypass two-factor authentication by submitting forged device responses.
Title		Unchecked Return Value in GitLab
First Time appeared		Gitlab Gitlab gitlab
Weaknesses		CWE-252
CPEs		cpe:2.3:a:gitlab:gitlab::::::::
Vendors & Products		Gitlab Gitlab gitlab
References		https://about.gitlab.com/releases/2026/01/21/patch-release-gitlab-18-8-2-released/ https://gitlab.com/gitlab-org/gitlab/-/issues/585333 https://hackerone.com/reports/3476052
Metrics		cvssV3_1 `{'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N'}`

MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2026-01-22T13:34:08.340Z

Updated: 2026-01-22T15:28:50.276Z

Reserved: 2026-01-08T13:03:57.347Z

Link: CVE-2026-0723

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-01-22T15:16:50.030

Modified: 2026-01-22T15:16:50.030

Link: CVE-2026-0723

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0723", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2026-01-08T13:03:57.347Z", "datePublished": "2026-01-22T13:34:08.340Z", "dateUpdated": "2026-01-22T15:28:50.276Z"}, "containers": {"cna": {"title": "Unchecked Return Value in GitLab", "descriptions": [{"lang": "en", "value": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an individual with existing knowledge of a victim's credential ID to bypass two-factor authentication by submitting forged device responses."}], "affected": [{"vendor": "GitLab", "product": "GitLab", "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "versions": [{"version": "18.6", "status": "affected", "lessThan": "18.6.4", "versionType": "semver"}, {"version": "18.7", "status": "affected", "lessThan": "18.7.2", "versionType": "semver"}, {"version": "18.8", "status": "affected", "lessThan": "18.8.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-252: Unchecked Return Value", "cweId": "CWE-252", "type": "CWE"}]}], "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/585333", "name": "GitLab Issue #585333", "tags": ["issue-tracking", "permissions-required"]}, {"url": "https://hackerone.com/reports/3476052", "name": "HackerOne Bug Bounty Report #3476052", "tags": ["technical-description", "exploit", "permissions-required"]}, {"url": "https://about.gitlab.com/releases/2026/01/21/patch-release-gitlab-18-8-2-released/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH"}}], "solutions": [{"lang": "en", "value": "Upgrade to versions 18.6.4, 18.7.2, 18.8.2 or above."}], "credits": [{"lang": "en", "value": "Thanks [ahacker1](https://hackerone.com/ahacker1) for reporting this vulnerability through our HackerOne bug bounty program", "type": "finder"}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2026-01-22T13:34:08.340Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-22T15:28:39.396018Z", "id": "CVE-2026-0723", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-22T15:28:50.276Z"}}]}}