CVE-2021-22175 - PatchNow

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2021-06-11

Added to CISA KEV: 2026-02-18 1713 DAYS BETWEEN CVE AND KEV

🎯 Recommendations:

CRITICAL: Check for indicators of compromise - this vulnerability is in CISA KEV indicating active exploitation in the wild. Review GitLab logs for suspicious webhook requests, check for unauthorized internal network access, verify system integrity
Immediately upgrade GitLab to version 13.6.7+, 13.7.7+, or 13.8.4+ depending on your current branch
Review webhook configurations and disable internal network requests if not required
Monitor GitLab access logs for unusual SSRF attempts targeting internal resources
Implement network segmentation to limit internal network exposure from GitLab instances
Patch priority: CRITICAL - Apply immediately due to active exploitation

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2021-22175 is a Server-Side Request Forgery (SSRF) vulnerability affecting GitLab ^[2].

Vulnerability Overview

Nature of Vulnerability: The issue is a Server-Side Request Forgery (SSRF) flaw ^[1].
Attack Method & Requirements:

* Exploitation: It can be exploited by an unauthenticated attacker ^[2]. * Conditions: The vulnerability is specifically exploitable when requests to the internal (local) network are enabled for webhooks or integrations ^[2] ^[1]. * User Interaction: No user interaction is required for successful exploitation ^[2].

Impact: Successful exploitation allows an attacker to coerce the GitLab server into making unauthorized network requests to internal resources that should otherwise be inaccessible ^[1].

Affected Versions & Mitigation

Affected Versions: The vulnerability affects GitLab Community Edition (CE) and Enterprise Edition (EE) across multiple versions, starting from 10.5.0 up to 13.6.6 ^[3].
Patch/Mitigation Status: Users are advised to update to a patched version of GitLab. As a mitigation, administrators can restrict outbound requests to the internal network within the GitLab configuration settings to prevent the server from being used to probe internal infrastructure ^[1].

Threat Landscape

Active Exploitation & Ransomware: There is no widespread public documentation indicating that this specific CVE has been a primary vector for major ransomware campaigns or targeted attacks in the same manner as high-profile remote code execution (RCE) vulnerabilities.
Exploit Availability: While technical details and PoC-style information regarding the SSRF mechanism are available in security advisories, it is not typically cited as having widely distributed, "off-the-shelf" exploit tools used by threat actors compared to more critical RCE vulnerabilities.

Sources

CVE-2021-22175 GitLab Server-Side Request Forgery (SSRF) Vulnerability
CVE-2021-22175 is an unauthenticated GitLab SSRF issue tied to the CI Lint API and outbound request settings. See affected versions, fixes, and mitigations. ... CVE-2021-22175 is a GitLab server-side request forgery (SSRF) flaw that can be triggered by an unauthenticated attacker under specific outb…
CVE-2021-22175 Detail - NVD
A server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker. ... Official websites use .gov A .gov website belongs to an official government organization in the United States.
CVE-2021-22175 | Medium Vulnerability in GitLab
The vulnerability affects GitLab across multiple versions, specifically from 10.5.0 to 13.6.6 for community and enterprise editions, as well as ...