What is the authoritative source for CVE-2021-39904?

CVE-2021-39904 (CVE-2021-39904) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

CVE-2021-39904EPSS p52.3%

CVE-2021-39904CVE-2021-39904

gitlab / gitlab

Description

An Improper Access Control vulnerability in the GraphQL API in all versions of GitLab CE/EE starting from 13.1 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows a Merge Request creator to resolve discussions and apply suggestions after a project owner has locked the Merge Request

Scoring

CVSS	4.3 ()
Vector	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS	0.81% probability of exploitation · percentile 52.3% · 2026-06-18T12:00:27Z
Last modified	2026-06-12

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.