Authentication Vulnerability in GitLab MCP Server Exposes Sensitive Operations
CVE-2026-44895

9.2CRITICAL

Key Information:

Vendor: Yoda-digital
Status: Mcp-gitlab-server
Vendor: CVE Published:; 26 May 2026

🔔 Create Yoda-digital Vulnerability Alert

What is CVE-2026-44895?

The GitLab MCP Server prior to version 0.6.0 contains a significant authentication vulnerability, allowing unauthorized AI agents to communicate directly with GitLab. The server's HTTP transport is devoid of any authentication layer, combined with a permissive Access-Control-Allow-Origin header, which opens it to cross-origin attacks. This structural flaw enables the SSE server to create a stateful, mutation-capable RPC endpoint that operates with the operator's personal access token, without requiring any inbound credential checks. Furthermore, the server configuration default binds to all network interfaces, exposing this unprotected functionality broadly. This vulnerability underscores the importance of implementing stringent authentication measures and restricting access to sensitive operations.

Affected Version(s)

mcp-gitlab-server < 0.6.0

References

https://github.com/yoda-digital/mcp-gitlab-server/securit...

x_refsource_CONFIRM

CVSS V4

Score:

9.2

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 26, 2026
Vulnerability Reserved
May 7, 2026

CVE-2026-44895 Data

JSON