Originally reported by CISA Alerts
TL;DR
CISA adds GitLab SSRF and Dell RecoverPoint hard-coded credential vulnerabilities to KEV catalog, requiring federal agencies to remediate due to active exploitation evidence.
CISA's addition to the KEV catalog confirms active exploitation of these vulnerabilities in the wild. KEV additions represent immediate, confirmed threats to federal and enterprise networks.
The Cybersecurity and Infrastructure Security Agency has expanded its Known Exploited Vulnerabilities catalog with two CVEs showing evidence of active exploitation in the wild. Both affect enterprise infrastructure components commonly deployed across federal and private sector networks.
The newly cataloged vulnerabilities include:
CVE-2021-22175: GitLab Server-Side Request Forgery vulnerability
CVE-2026-22769: Dell RecoverPoint for Virtual Machines hard-coded credentials vulnerability

Under Binding Operational Directive 22-01, Federal Civilian Executive Branch agencies must remediate these vulnerabilities by CISA-specified deadlines. The directive establishes the KEV catalog as the authoritative list of CVEs posing significant risk to federal enterprise networks.
While BOD 22-01 applies specifically to federal agencies, CISA recommends all organizations prioritize KEV catalog vulnerabilities in their patch management cycles. The agency's KEV additions represent confirmed threat actor activity rather than theoretical risk assessments.
The GitLab SSRF vulnerability enables attackers to force the application to make requests to arbitrary destinations, potentially exposing internal services or facilitating lateral movement. Server-side request forgery remains attractive to threat actors because the vulnerable server makes the request from inside the network: internal services, admin interfaces and cloud metadata endpoints that the perimeter blocks from the outside become reachable through it. Host-name deny lists are a weak defense, since the same address can be expressed as an alternate DNS name, an IPv6 or IPv4-mapped literal, or a host that resolves to an internal address.
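To make the preceding point concrete, here is an added example (not GitLab's code, and not taken from the advisory) contrasting a naive string deny list with an address-resolution check for outbound URLs. The host names, addresses and the FAKE_DNS table are constructed assumptions so the example runs offline; a real implementation would call socket.getaddrinfo where resolve() is called.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed resolver table (assumption for illustration, not real
# infrastructure) so the example runs without network access.
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "internal.corp": ["10.0.0.5"],             # private range
    "metadata.evil.test": ["169.254.169.254"],  # cloud metadata address
    "dual.evil.test": ["93.184.216.34", "127.0.0.1"],  # mixed public/loopback
}


def resolve(host):
    """Return the addresses for host from the constructed table above.
    In production, replace with socket.getaddrinfo; note that libc also
    accepts shorthand forms such as '127.1' or '2130706433', which this
    table does not, so failing closed on unknown hosts matters."""
    if host in FAKE_DNS:
        return list(FAKE_DNS[host])
    raise ValueError("unresolvable host: %s" % host)


def naive_is_safe(url):
    """Weak check: rejects only two literal spellings of loopback.
    Bypassed by any DNS name, userinfo tricks ('http://a@b/'),
    IPv6 literals, or alternate IPv4 spellings."""
    host = urlsplit(url).hostname or ""
    return host not in ("localhost", "127.0.0.1")


def is_public_address(addr):
    """True only for a globally routable unicast address."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:127.0.0.1) so the IPv4 rules apply.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def hardened_is_safe(url):
    """Pin the scheme, resolve the host, and require EVERY resolved
    address to be public. Any parse or resolution failure fails closed."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    host = parts.hostname          # urlsplit strips userinfo and port
    if not host:
        return False
    try:
        ipaddress.ip_address(host)  # literal IP: no lookup needed
        addrs = [host]
    except ValueError:
        try:
            addrs = resolve(host)
        except ValueError:
            return False
    return all(is_public_address(a) for a in addrs)
```

The check above validates the destination but does not by itself remove the time-of-check/time-of-use gap: the request must be made to the address that was validated (pin the resolved IP, or validate inside the HTTP client's connect hook), and redirects must be re-validated hop by hop, because a public host can 302 to an internal one.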
Dell's RecoverPoint hard-coded credential issue is an authentication bypass in the most basic sense: a credential fixed in the product works on every installation, is known to anyone who extracts it from one copy or reads it in a report, and cannot be rotated by the customer until the vendor ships a fix. Such vulnerabilities in backup infrastructure pose particular risks given its privileged access to critical data and its role in recovery after a ransomware event. Because exploitation is confirmed, patching should be paired with a review of authentication logs and administrative changes on affected systems for the period before the fix was applied.
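As an added illustration of the weakness class (not Dell's code, and nothing here describes how the RecoverPoint flaw is implemented), the following contrasts a login routine with a built-in constant credential against a per-install credential store, and adds a small scanner that flags literal credentials in configuration text. The user names, passwords and config lines are constructed examples.

```python
import hashlib
import hmac
import re
import secrets

# --- Vulnerable pattern: credential baked into the shipped artifact ---
BUILTIN_USER = "admin"
BUILTIN_PASSWORD = "changeme123"   # constructed value; same on every install


def vulnerable_login(user, password):
    """Anyone who learns BUILTIN_PASSWORD authenticates to every deployment."""
    return user == BUILTIN_USER and password == BUILTIN_PASSWORD


# --- Hardened form: per-install secret, salted hash, constant-time compare ---
PBKDF2_ROUNDS = 200_000


def hash_password(password, salt=None):
    """Return (salt, derived_key) using PBKDF2-HMAC-SHA256."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, dk


class CredentialStore:
    """Per-install credentials set at provisioning time, never a constant."""

    def __init__(self):
        self._users = {}

    def set_password(self, user, password):
        self._users[user] = hash_password(password)

    def verify(self, user, password):
        rec = self._users.get(user)
        if rec is None:
            # Burn the same work for unknown users so timing does not
            # reveal which accounts exist.
            hash_password(password, salt=b"\x00" * 16)
            return False
        salt, expected = rec
        _, actual = hash_password(password, salt=salt)
        return hmac.compare_digest(expected, actual)


# --- Scanner: flag literal credentials in config or source text ---
CREDENTIAL_PATTERN = re.compile(
    r'(?i)(password|passwd|secret|token)\s*[=:]\s*["\']([^"\']{4,})["\']'
)


def _is_placeholder(value):
    """Environment references and template markers are not secrets."""
    return value.startswith("${") or value.startswith("<")


def find_hardcoded_credentials(lines):
    """Return (line_number, key_kind, value) for each literal credential."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = CREDENTIAL_PATTERN.search(line)
        if m and not _is_placeholder(m.group(2)):
            hits.append((lineno, m.group(1).lower(), m.group(2)))
    return hits


# Constructed config excerpt for the scanner (not from any real product).
SAMPLE_CONFIG = [
    "# constructed sample config",
    'db_host = "10.0.0.5"',
    'db_password = "S3cretPass!"',
    "api_token: 'abcd1234efgh5678'",
    'admin_password = "${ADMIN_PASSWORD}"',
    'password = ""',
]
```

The regex scanner is deliberately simple and will produce false positives; its value is in catching the pattern early in review or CI rather than in being exhaustive. For a shipped appliance the equivalent control is that first-boot provisioning generates or prompts for the administrative secret, so that no two installations share one.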