Quickfire Cyber Bulletin June 5, 2026
← Back

CVE-2021-22205

GitLab Community and Enterprise Editions Remote Code Execution Vulnerability

High

Description

GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through ExifTool, which improperly validates the image files.

Scores & Signals

EPSS score 0.9447 (100.0th percentile)
CISA KEV Yes — actively exploited (added 2021-11-03) · due 2021-11-17
Affected GitLab Community and Enterprise Editions

Sources

External references

Risk scores are deterministic, based on public signals only. They are informational context, not a final verdict. Always consult vendor advisories before taking action.