Warning: 2FA Bypass in GitLab CE/EE, Patch Immediately!

Published: 23/01/2026
  • Last update: 23/01/2026
  • Affected software: GitLab CE/EE
  • Type: 2FA Bypass
  • CVE/CVSS
    → CVE-2026-0723: CVSS 7.4 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

Source

GitLab - https://about.gitlab.com/releases/2026/01/21/patch-release-gitlab-18-8-2-released/

Risks

A critical two-factor authentication bypass vulnerability in GitLab CE/EE allows attackers to circumvent 2FA protections and gain unauthorized account access, potentially exposing source code repositories and sensitive credentials.

GitLab is a comprehensive DevSecOps platform serving as a complete DevOps lifecycle tool for software development, version control, and CI/CD automation.

If exploited, this could lead to data breaches, system compromise, and operational downtime, impacting the confidentiality, integrity, and availability of critical business systems.

Description

A critical security vulnerability, CVE-2026-0723, has been identified in GitLab CE/EE versions 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2. This flaw arises from an unchecked return value in authentication services, allowing attackers to bypass two-factor authentication and gain unauthorized account access. 

In affected versions, an attacker can exploit this vulnerability by submitting forged device responses if they possess knowledge of a victim's credential ID, leading to account takeover and unauthorized access to repositories and sensitive data.
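As an added example (not part of the CCB advisory or of GitLab's own tooling), the following Python helper maps a GitLab version string onto the affected ranges listed above, so an operator can triage an inventory of instances. The host names and versions in it are constructed; `GET /api/v4/version` is one place a real version string could be read from.

```python
"""Triage helper for CVE-2026-0723: tells you whether a GitLab CE/EE version
string falls inside one of the affected ranges named in this advisory."""
import re

# First fixed release per affected minor series, as listed in the advisory:
# 18.6 before 18.6.4, 18.7 before 18.7.2, 18.8 before 18.8.2.
FIRST_FIXED = {
    (18, 6): (18, 6, 4),
    (18, 7): (18, 7, 2),
    (18, 8): (18, 8, 2),
}

def parse_version(text):
    """Parse '18.7.1', '18.7.1-ee' or 'v18.6.0' into a (major, minor, patch) tuple.
    The '-ee'/'-ce' suffix carries no version information and is dropped."""
    m = re.match(r"^v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def is_affected(version_text):
    """True  -> inside an affected range, patch with highest priority.
    False -> at or above the first fixed release for that series.
    None  -> series not covered by the advisory (e.g. 18.5.x); treat as
             unknown rather than safe, since the advisory does not assess it."""
    major, minor, patch = parse_version(version_text)
    fixed = FIRST_FIXED.get((major, minor))
    if fixed is None:
        return None
    return (major, minor, patch) < fixed

def triage(inventory):
    """Group an inventory of {hostname: version_string} (built by the caller,
    e.g. from GET /api/v4/version on each instance) into 'patch_now', 'fixed'
    and 'unknown' buckets, each a sorted list of host names."""
    buckets = {"patch_now": [], "fixed": [], "unknown": []}
    for host, version in inventory.items():
        state = is_affected(version)
        key = "unknown" if state is None else ("patch_now" if state else "fixed")
        buckets[key].append(host)
    return {k: sorted(v) for k, v in buckets.items()}

if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {"git-prod": "18.7.1-ee", "git-dev": "18.8.2", "git-legacy": "18.5.3"}
    for bucket, hosts in triage(sample).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```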

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.

Monitor/Detect
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.

References

GitLab - https://about.gitlab.com/releases/2026/01/21/patch-release-gitlab-18-8-2-released/