CISA added CVE-2026-4022 to its Known Exploited Vulnerabilities catalog after observing active attacks on GitLab servers.

Federal civilian agencies have 14 days to patch or mitigate the flaw, which enables account takeover.

Self-hosted GitLab instances running versions below 17.10 are most at risk.