CVE-2021-22175

ENISA EUVD: EUVD-2021-9321 ↗
Exploited in the Wild ✓ Confirmed 0-Day
Triaged: March 5, 2026 2 articles Published: 2021-06-11
VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23
79.98%
probability
This CVE has a 79.98% probability of being exploited in the next 30 days.
0% Top 99.1th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)
6.8
MEDIUM
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

CVSS v2 (legacy)

6.8
MEDIUM
Access Vector
Network
Access Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
AV:N/AC:M/Au:N/C:P/I:P/A:P

Description

VulnerabilityLookup (CNA)
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled

Affected Products

GitLab
GitLab
>=10.5, <13.6.7 >=13.7, <13.7.7 >=13.8, <13.8.4

Attack Intelligence

Signal Intelligence

Confidence
75%
EPSS 79.98%
CVSS v3.1 6.8
Mentions 2
Last Seen Feb 18, 2026

CNA Information

CNA Assigner
GitLab

Analyst Note

CVE-2021-22175 was added to CISA's Known Exploited Vulnerabilities Catalog, indicating active exploitation in the wild. Published June 2021 with evidence of real-world attacks, this meets the zero-day criteria of in-the-wild exploitation. However, the lack of explicit timing confirmation that exploitation preceded patch availability and absence from Project Zero slightly tempers confidence.

Threat Actors 1

Lotus Blossom
apt_group Information theft and espionage 🇨🇳 CN

Triage Info

Decided atMar 05, 2026
Published DateJun 11, 2021