CVE-2021-22214

Severity: Medium · Exploited in the wild · Nuclei template available

GitLab 10.5-13.10.4 - Unauthenticated Server-Side Request Forgery via Webhook Internal Network Requests


Exploitation Summary

CVE-2021-22214 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 4 public exploits from researchers including ZZ-SOCMAP, aaminin, Vulnmachines. A Nuclei detection template is also available.

AI-analyzed exploit summary: This PoC exploits CVE-2021-22214, a GitLab SSRF vulnerability, by sending a crafted JSON payload to the '/api/v4/ci/lint' endpoint, triggering an outbound request to a controlled DNS host. The script checks the response for evidence of the SSRF by verifying whether the DNS host appears in the error message.

Description

When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 could be exploited by an unauthenticated attacker, even on a GitLab instance where registration is limited.

Exploits (4)

Source: nomisec · Working PoC · 10 stars
by ZZ-SOCMAP · type: poc
https://github.com/ZZ-SOCMAP/CVE-2021-22214

Classification: Working PoC (95%)
Attack type: SSRF
Complexity: Trivial
Reliability: Reliable
Target: GitLab (versions affected by CVE-2021-22214)
Authentication: none needed
Prerequisites: Network access to the GitLab instance · A controlled DNS host to detect the SSRF callback
Analyzed by devstral-2 on Feb 18, 2026

Source: nomisec · Working PoC · 1 star
by aaminin · type: infoleak
https://github.com/aaminin/CVE-2021-22214

This repository contains a functional Python script that exploits CVE-2021-22214, an unauthenticated SSRF vulnerability in GitLab's CI Lint API. The exploit sends a crafted request to the API endpoint, triggering an SSRF to a specified DNS host for verification.

Classification: Working PoC (95%)
Attack type: SSRF
Complexity: Trivial
Reliability: Reliable
Target: GitLab (versions affected by CVE-2021-22214)
Authentication: none needed
Prerequisites: Network access to the target GitLab instance · A DNS host or service to verify the SSRF
Analyzed by devstral-2 on Feb 18, 2026

Source: nomisec · Suspicious
by Vulnmachines · type: infoleak
https://github.com/Vulnmachines/gitlab-cve-2021-22214

The repository contains no exploit code or technical details about CVE-2021-22214, only social media links and promotional content. This is characteristic of a social engineering lure rather than a legitimate PoC.

Classification: Suspicious (90%)
Attack type: SSRF
Complexity: Theoretical
Reliability: Theoretical
Target: GitLab
Authentication: none needed
Analyzed by devstral-2 on Feb 18, 2026

Source: inthewild · Working PoC
type: poc
https://github.com/antx-code/cve-2021-22214

This PoC exploits CVE-2021-22214, a GitLab SSRF vulnerability, by sending a crafted JSON payload to the CI lint API endpoint, triggering an outbound request to a specified DNS host for verification.

Classification: Working PoC (95%)
Attack type: SSRF
Complexity: Trivial
Reliability: Reliable
Target: GitLab (versions affected by CVE-2021-22214)
Authentication: none needed
Prerequisites: Access to the GitLab instance's API endpoint
Analyzed by devstral-2 on Feb 23, 2026

Nuclei Templates (1)

GitLab CE/EE 10.5 - Server-Side Request Forgery
Severity: HIGH · by Suman_Kar, GitLab Red Team
Shodan query: http.title:"GitLab" || cpe:"cpe:2.3:a:gitlab:gitlab" || http.title:"gitlab"
FOFA query: title="gitlab"

References (3)

Core references (3)
https://hackerone.com/reports/1110131 (Permissions Required, Third Party Advisory; x_refsource_misc)

Scores

CVSS v3: 6.8
EPSS: 0.9366
EPSS percentile: 99.9%
Attack vector: NETWORK
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

Details

VulnCheck KEV: 2023-12-12
CWE: CWE-918
Status: published
Products (1): gitlab/gitlab 10.5 - 13.10.5
Published: Jun 08, 2021
Tracked since: Feb 18, 2026