Home > Vulnerability Database > CVE-2026-0723

Mend.io Vulnerability Database

CVE-2026-0723

Good to know:

Date: January 22, 2026

Unchecked Return Value issue in authentication services impacts GitLab CE/EE could have allowed an individual with existing knowledge of a victim's credential ID to bypass two-factor authentication by submitting forged device responses. Impacted Versions: GitLab CE/EE: all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2

Severity Score

7.4

Related Resources (6)

Url: https://www.bleepingcomputer.com/news/security/gitlab-warns-of-high-severity-2fa-bypass-denial-of-service-flaws/

Url: https://nvd.nist.gov/vuln/detail/CVE-2026-0723

Url: https://about.gitlab.com/releases/2026/01/21/patch-release-gitlab-18-8-2-released/

Url: https://hackerone.com/reports/3476052

Url: https://gitlab.com/gitlab-org/gitlab/-/issues/585333

Url: https://www.mend.io/vulnerability-database/CVE-2026-0723

Severity Score

7.4

Weakness Type (CWE)

Unchecked Return Value

CWE-252

Top Fix

Upgrade Version

Upgrade to version https://gitlab.com/gitlab-org/gitlab.git - v18.7.2;https://gitlab.com/gitlab-org/gitlab.git - v18.7.2-ee;https://gitlab.com/gitlab-org/gitlab.git - v18.6.4-ee

Learn More

CVSS v3.1

Base Score:	7.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2026-0723

Good to know:

Date: January 22, 2026

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?