theinfosecnews

CVE-2021-22175

CISA KEV

Published February 18, 2026 · Updated April 3, 2026

Severity: high

What This Means

# CVE-2021-22175: GitLab Webhook SSRF

**What it is:** In affected GitLab versions, when the instance is configured to allow webhook requests to the local network, unauthenticated or low-privileged attackers can make the GitLab server issue requests to internal network addresses through the webhook feature, bypassing firewall rules that are meant to keep private infrastructure unreachable from outside.

**Impact:** An attacker can scan the internal network, reach cloud instance metadata services (169.254.169.254 on AWS and GCP), retrieve sensitive data from internal APIs, or pivot to backend systems that should not be reachable from the internet.

**What to do:**

  1. Update GitLab to a version that includes the vendor's fix for CVE-2021-22175 (the fixed versions are listed in GitLab's security release for this CVE).
  2. Unless it is required, turn off the Admin Area setting that allows requests to the local network from webhooks and services (Admin Area > Settings > Network > Outbound requests); this is the precondition named in the official description.
  3. Restrict the GitLab host's outbound access with network segmentation or an egress proxy so that webhook deliveries cannot reach internal services even if validation fails.
  4. Validate webhook URLs before saving and again before delivery: block 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8, and 169.254.0.0/16 (which covers the cloud metadata address), and check every address the hostname resolves to, not just the literal form written in the URL.
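The URL validation described in the mitigation above, written here as an added example in Ruby (GitLab's own language); it is not GitLab's code, and the hostnames, addresses and DNS answers in `SAMPLE_DNS` and `SAMPLE_WEBHOOKS` are constructed so the example runs offline. In a real deployment the `resolver:` argument is left at its `Resolv.getaddresses` default.

```ruby
require "ipaddr"
require "resolv"
require "uri"

# Address ranges a webhook target must never resolve to. Constructed for this
# example; extend it with your own internal prefixes.
BLOCKED_RANGES = [
  "0.0.0.0/8",       # "this" network
  "10.0.0.0/8",      # RFC 1918
  "100.64.0.0/10",   # carrier-grade NAT
  "127.0.0.0/8",     # loopback
  "169.254.0.0/16",  # link-local, includes cloud metadata 169.254.169.254
  "172.16.0.0/12",   # RFC 1918
  "192.168.0.0/16",  # RFC 1918
  "::1/128",         # IPv6 loopback
  "fc00::/7",        # IPv6 unique local
  "fe80::/10",       # IPv6 link-local
].map { |cidr| IPAddr.new(cidr) }

class WebhookUrlError < StandardError; end

# True if the address falls in a blocked range. IPv4-mapped IPv6 addresses
# (::ffff:10.0.0.5) are unwrapped first so they cannot slip past the IPv4 list.
def blocked?(address)
  addr = IPAddr.new(address)
  addr = addr.native if addr.ipv4_mapped?
  BLOCKED_RANGES.any? { |range| range.family == addr.family && range.include?(addr) }
end

# Addresses for a host: the literal itself if it is one, otherwise whatever the
# resolver returns. Decimal or hex forms such as 2130706433 are not literals to
# IPAddr, so they go through the resolver and normally fail to resolve there.
def addresses_for(host, resolver)
  [IPAddr.new(host).to_s]
rescue IPAddr::InvalidAddressError
  resolver.call(host)
end

# Validate a webhook URL and return the resolved addresses the delivery code
# must pin to. Every address is checked, not only the first: a name that
# resolves to one public and one private address is rejected outright.
def validate_webhook_url(raw_url, resolver: ->(host) { Resolv.getaddresses(host) })
  uri = begin
    URI.parse(raw_url)
  rescue URI::InvalidURIError
    raise WebhookUrlError, "unparseable URL"
  end
  scheme = uri.scheme.to_s.downcase
  raise WebhookUrlError, "scheme must be http or https" unless %w[http https].include?(scheme)
  host = uri.hostname # strips the [] around IPv6 literals
  raise WebhookUrlError, "missing host" if host.nil? || host.empty?

  addresses = addresses_for(host, resolver)
  raise WebhookUrlError, "host does not resolve" if addresses.empty?
  addresses.each do |address|
    raise WebhookUrlError, "#{host} resolves to blocked address #{address}" if blocked?(address)
  end
  addresses
end

# Audit a list of configured webhook URLs; returns url => { status:, ... }.
def audit_webhooks(urls, resolver:)
  urls.each_with_object({}) do |url, report|
    report[url] = begin
      { status: :allowed, addresses: validate_webhook_url(url, resolver: resolver) }
    rescue WebhookUrlError => e
      { status: :blocked, reason: e.message }
    end
  end
end

# Constructed DNS answers so the example runs offline (hypothetical names).
SAMPLE_DNS = {
  "hooks.example.com"         => ["203.0.113.10"],
  "split.example.net"         => ["203.0.113.20", "10.0.0.5"], # public and private
  "metadata.example.internal" => ["169.254.169.254"],
}.freeze
SAMPLE_RESOLVER = ->(host) { SAMPLE_DNS.fetch(host, []) }

# Constructed webhook targets, including the common SSRF bypass shapes.
SAMPLE_WEBHOOKS = [
  "https://hooks.example.com/ci",
  "http://split.example.net/hook",
  "http://metadata.example.internal/latest/meta-data/",
  "http://[::1]:8080/",
  "http://hooks.example.com@10.0.0.1/", # userinfo trick: the real host is 10.0.0.1
  "ftp://hooks.example.com/",
].freeze

if __FILE__ == $PROGRAM_NAME
  audit_webhooks(SAMPLE_WEBHOOKS, resolver: SAMPLE_RESOLVER).each do |url, result|
    detail = result[:reason] || result[:addresses].join(",")
    puts "#{result[:status].to_s.ljust(7)} #{url}  #{detail}"
  end
end
```

Two points matter beyond the range list. The validator returns the addresses it checked, and the HTTP client must connect to one of those rather than resolving the name a second time, otherwise a DNS answer that changes between check and delivery (rebinding) defeats the check; for the same reason any redirect the target returns must be fed back through `validate_webhook_url` before it is followed. The check also has to run at delivery time, not only when the hook is saved, because the DNS record behind a previously accepted name can change later.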

Official Description

GitLab contains a server-side request forgery (SSRF) vulnerability when requests to the internal network for webhooks are enabled.

Affected Products

Vendor: GitLab
Product: GitLab

Patch Status

Patch by 2026-03-11

Recommended Actions

  1. Check whether any of your GitLab instances run an affected version.
  2. Apply the vendor patches immediately.
  3. This vulnerability is in CISA's Known Exploited Vulnerabilities catalog; prioritize remediation ahead of the due date above.
  4. Monitor vendor advisories for updates and additional mitigations.
  5. Review configured webhook URLs and their delivery history, together with outbound firewall or proxy logs from the GitLab host, for requests to internal addresses that could indicate exploitation of CVE-2021-22175.

Related Coverage

Vulnerability

CVE-2021-22175: GitLab Webhook SSRF Allows Internal Network Access via Malicious Requests

CVE-2021-22175 is an SSRF vulnerability in self-managed GitLab instances that, when requests to the local network from webhooks are enabled, allows unauthenticated or low-privileged attackers to force the GitLab server to make requests to internal network resources, including databases, admin interfaces, and cloud metadata endpoints. The flaw bypasses network segmentation by using the GitLab server itself as a proxy. CISA has added it to the Known Exploited Vulnerabilities catalog with a federal patch deadline of March 11, 2026.
