
GitLab Patches Critical Vulnerability Allowing Unauthenticated Wiki Page Malware Injection
GitLab has released security updates addressing multiple vulnerabilities, among them a critical flaw that lets an unauthenticated attacker create Wiki pages containing malicious content. According to the source, the issue had not yet been assigned a CVE identifier at the time of publication; it affects versions prior to the newly released patches.

The risk is stored and client-side: content injected into a publicly accessible or internal Wiki page is served to every user who later views it, so the outcome the source describes is a client-side attack such as cross-site scripting (XSS) in the viewer's browser. Because exploitation requires no authentication, anyone who can reach the instance can plant such a page, which lowers the barrier for targeted campaigns against developers. The fixes apply to both self-hosted and SaaS (GitLab.com) instances; at the time of writing there were no reports of exploitation in the wild.

Given GitLab's central role in DevOps and CI/CD pipelines, an unpatched instance is a high-value target. Script that runs in a developer's browser session can act with that user's privileges on the instance, which is how a Wiki XSS becomes a route to developer workstations, repositories and internal systems. Organizations running GitLab should apply the latest security updates immediately. Until the patch is in place, operators of self-hosted instances can reduce exposure by reviewing recently created or modified Wiki pages for unexpected inline HTML, with priority on projects whose Wiki is reachable without a login.