CVE-2021-39935

CVE Database · CVE-2021-39935

CVE-2021-39935

· MEDIUMAnalyzed

CVSS v3.1

6.8

EPSS

30.50%

Published

Dec 13, 2021

Modified

Feb 4, 2026

CISA Known Exploited Vulnerability

Added: 2026-02-03 · Due: 2026-02-24

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

Weaknesses (CWE)

CWE-918CWE-918

Affected Products (6)

gitlab · gitlab (up to 14.3.6)vulnerable

gitlab · gitlab (up to 14.4.4)vulnerable

gitlab · gitlab (up to 14.5.2)vulnerable

References (7)

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39935.json

Third Party Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/346187