CVE-2021-22175
MEDIUM KEV NUCLEIGitLab 10.5.0-13.6.6 - Unauthenticated Server-Side Request Forgery via Webhook Internal Network Requests
Title source: llmExploitation Summary
CVE-2021-22175 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added February 18, 2026. A Nuclei detection template is also available.
Description
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled
Nuclei Templates (1)
GitLab CI Lint API - Server-Side Request Forgery
HIGHVERIFIEDby 0x_Akoko
Shodan:
http.title:"GitLab"
FOFA:
app="GitLab"
References (4)
Core 4
Core References
Broken Link x_refsource_misc
https://gitlab.com/gitlab-org/gitlab/-/issues/294178
Permissions Required, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/1059596
Vendor Advisory x_refsource_confirm
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22175.json
Third Party Advisory, US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22175
Scores
CVSS v3
6.8
EPSS
0.8273
EPSS Percentile
99.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2026-02-18
VulnCheck KEV
2025-03-11
ENISA EUVD
EUVD-2021-9321
CWE
CWE-918
Status
published
Products (1)
gitlab/gitlab
10.5.0 - 13.6.7 (2 CPE variants)
Published
Jun 11, 2021
KEV Added
Feb 18, 2026
Tracked Since
Feb 18, 2026