PatchSiren cyber security CVE debrief
CVE-2021-39935 GitLab CVE debrief
CVE-2021-39935 is a server-side request forgery (SSRF) vulnerability affecting GitLab Community and Enterprise Editions. CISA lists it in the Known Exploited Vulnerabilities catalog, so defenders should treat it as actively exploited and prioritize remediation. The supplied corpus does not include affected version ranges or CVSS scoring, so version-specific exposure should be confirmed against the official CVE/NVD and vendor references.
- Vendor: GitLab
- Product: Community and Enterprise Editions
- CVSS: Unknown
- CISA KEV: Listed
- Original CVE published: 2026-02-03
- Original CVE updated: 2026-02-03
- Advisory published: 2026-02-03
- Advisory updated: 2026-02-03
Who should care
Administrators, security teams, and platform owners running GitLab Community and Enterprise Editions, especially self-managed deployments that can reach internal or external network resources, as well as the teams responsible for patching or for compensating controls.
Technical summary
The official records identify CVE-2021-39935 as an SSRF issue in GitLab Community and Enterprise Editions. CISA’s KEV entry indicates known exploitation and links to the vendor security release and NVD record. The supplied source set does not provide exploit mechanics, affected versions, or impact details beyond the SSRF classification, so remediation decisions should rely on the official vendor advisory and NVD entry for version guidance.
Defensive priority
Immediate
Recommended defensive actions
- Review the official GitLab security release and the NVD record referenced by CISA to confirm affected versions and fixes.
- Patch or upgrade all affected GitLab Community and Enterprise Editions instances as soon as possible.
- Inventory every GitLab deployment, including self-managed and externally reachable instances, and prioritize remediation for the most exposed systems.
- Apply vendor-recommended mitigations if immediate upgrading is not possible; if mitigations are unavailable, follow CISA guidance for discontinuing use or replacing the product.
- Review logs and outbound network activity for unusual server-side requests consistent with SSRF abuse, and investigate any anomalies.
Evidence notes
The supplied source item is a CISA Known Exploited Vulnerabilities record for CVE-2021-39935. It identifies the product as GitLab Community and Enterprise Editions, classifies the issue as SSRF, and sets dateAdded to 2026-02-03 and dueDate to 2026-02-24. The KEV notes reference the GitLab security release at https://about.gitlab.com/releases/2021/12/06/security-release-gitlab-14-5-2-released/ and the NVD detail page. No CVSS score or affected version range is included in the supplied corpus.
Official resources
- CVE-2021-39935 CVE record (CVE.org)
- CVE-2021-39935 NVD detail (NVD)
- CISA Known Exploited Vulnerabilities catalog (CISA): Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Source item URL: cisa_kev
Public debrief prepared from the supplied CISA KEV record and official CVE/NVD references only; no exploit code, weaponized reproduction, or unsupported claims included.