Skip to main content
CVE-2026-44895 CRITICAL PATCH GHSA Act Now

Unauthenticated remote access to GitLab API operations via gitlab-mcp-server's SSE transport allows attackers to execute all 86 exposed GitLab management tools-including repository deletion, file modification, and configuration changes-using the operator's Personal Access Token. When configured with USE_SSE=true (a documented feature), the Node.js server binds to 0.0.0.0 with wildcard CORS headers, enabling both network-adjacent attackers and malicious web pages to invoke destructive operations without credentials. Public exploit code demonstrates the attack path from initial SSE connection through authenticated GitLab API calls. Patch version 0.6.0 addresses the authentication bypass per GitHub advisory GHSA-8jr5-6gvj-rfpf.

Authentication Bypass Node.js Gitlab
NVD GitHub
CVSS 4.0
9.2
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy