CVE-2021-22205 · CISA KEV · EPSS p100.0%

CVE-2021-22205: GitLab Community and Enterprise Editions Remote Code Execution Vulnerability

GitLab / Community and Enterprise Editions

Description

GitLab Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through ExifTool, which improperly validates the image files.

Scoring

EPSS: 99.73% probability of exploitation · percentile 100.0% · 2026-06-15T12:03:41Z

CISA KEV entry

Added to KEV: 2021-11-03

(incoming) 1

Type | Target | Confidence | Tier
KEVEntry | GitLab Community and Enterprise Editions Remote Code Execution Vulnerability (kev-cve-2021-22205) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: ExifTool Remote Code Execution Vulnerability
CVE: GitLab Server-Side Request Forgery (SSRF) Vulnerability
CVE: CVE-2025-12029
CVE: CVE-2025-6948
CVE: CVE-2026-3854
CVE: GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability

Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.