🔥 This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)
CVE-2021-22175: GitLab Server-Side Request Forgery (SSRF) Vulnerability
Summary
GitLab has a server-side request forgery vulnerability (SSRF, a flaw that allows attackers to make requests to internal networks on behalf of the server) that can be triggered when webhook functionality is enabled. This vulnerability is actively being exploited by attackers in the wild.
Solution / Mitigation
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Vulnerability Details
EPSS: 73.5%
🔥 Actively Exploited
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-22175
First tracked: February 18, 2026 at 03:00 PM
Classified by LLM (prompt v3) · confidence: 65%