Five Years Later, That Old GitLab Bug is Still Causing Headaches
You know that feeling when you’re cleaning out your garage and find something you thought you’d dealt with years ago? That’s exactly what happened this week when CISA had to issue warnings about not one, but several vulnerabilities that should have been ancient history by now.
The most frustrating example? A five-year-old GitLab vulnerability that’s suddenly back in the spotlight because attackers are actively exploiting it. CISA ordered federal agencies to patch their systems against this flaw, which means somewhere out there, government systems are still running GitLab instances that never received a fix that shipped back in 2021. Let that sink in for a moment.
SolarWinds: The Gift That Keeps on Giving
If you thought we were done hearing about SolarWinds vulnerabilities, think again. This week brought news of a fresh critical flaw in SolarWinds Web Help Desk that’s already being exploited in the wild. The vulnerability, tracked as CVE-2025-40551 with a CVSS score of 9.8, is an untrusted-data deserialization issue that allows unauthenticated remote code execution. That is the classic shape of this bug class: the application reconstructs serialized objects from a request it never authenticated, and a crafted object runs attacker-chosen code as it is reconstructed.
CISA wasted no time adding this one to its Known Exploited Vulnerabilities catalog, and honestly, I don’t blame them for being jumpy about anything SolarWinds-related. A KEV listing requires reliable evidence of exploitation in the wild, not just a public proof of concept, so attackers are clearly watching SolarWinds products closely, probably because they know these systems are widely deployed and sometimes poorly maintained.
What makes this particularly concerning is the “unauthenticated” part. Attackers don’t need valid credentials or any kind of foothold; they only need network access to the Web Help Desk interface, and then they can walk right in. If you’re running SolarWinds Web Help Desk, this should be at the top of your patching priority list, and until the update is applied the instance has no business being reachable from the internet.
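To make the bug class concrete, here is an added illustration that is not SolarWinds code and not from the original post: the same untrusted-deserialization pattern in Python’s pickle, with the unrestricted loader beside a hardened one that allowlists the globals a message may reference. The `Gadget` class, the `_side_effect` function standing in for `os.system`, and the sample payloads are all constructed for the example; the Java-side equivalent of the allowlist is an `ObjectInputFilter`.

```python
import datetime
import io
import pickle

# Record of anything the constructed "gadget" actually ran, so the difference
# between the unsafe loader and the hardened loader is observable.
EXECUTED = []


def _side_effect(message):
    """Stand-in for os.system or similar: the unpickler calls whatever
    callable the bytes name, with attacker-chosen arguments."""
    EXECUTED.append(message)
    return f"executed: {message}"


class Gadget:
    """Constructed attacker object. pickle serializes what __reduce__ returns:
    a callable plus its arguments, which the unpickler later calls."""

    def __reduce__(self):
        return (_side_effect, ("payload from untrusted input",))


def build_malicious_payload():
    # The attacker only needs the bytes. The pickle names the callable by
    # module and attribute, so any function importable on the target (here
    # _side_effect, in a real attack os.system) can be invoked.
    return pickle.dumps(Gadget())


def build_benign_payload():
    # A legitimate message that still references a global (datetime.date).
    return pickle.dumps({"ticket": 42, "opened": datetime.date(2026, 2, 10)})


def unsafe_loads(data):
    # Unrestricted deserialization of attacker-controlled bytes: the bug class,
    # whatever the language or serialization format.
    return pickle.loads(data)


# The only (module, name) globals a legitimate message is allowed to resolve.
ALLOWED_GLOBALS = {("datetime", "date")}


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        # Called for every global reference in the stream; refuse everything
        # not explicitly allowlisted before it is looked up or called.
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refused to resolve {module}.{name}")


def safe_loads(data):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_rejected(data):
    """True if the hardened loader refuses the bytes without running anything."""
    try:
        safe_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    payload = build_malicious_payload()
    print("unsafe loader returned:", unsafe_loads(payload))
    print("hardened loader rejected it:", is_rejected(payload))
    print("benign message still loads:", safe_loads(build_benign_payload()))
```

The allowlist is a mitigation, not a cure: the right fix across a trust boundary is to stop deserializing native object graphs from untrusted input at all and use a data-only format with schema validation, which is also why vendor patches for this class usually remove the deserialization path rather than filter it.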
The Developer Ecosystem Under Siege
Meanwhile, the GlassWorm malware decided to make a comeback, and it’s targeting something we all depend on: the Open VSX marketplace, the registry that supplies extensions to VS Code-compatible editors. This self-replicating malware has been poisoning extensions published there, turning legitimate development tools into infostealer delivery mechanisms.
What’s particularly nasty about GlassWorm is how it spreads. It doesn’t just infect one system and call it a day – it actively seeks out ways to replicate itself across the development ecosystem. Think of it as the malware equivalent of a networking event, except instead of exchanging business cards, it’s exchanging malicious code.
This hits close to home because so many of us install from these extension marketplaces without thinking twice. We grab a useful-looking plugin, install it, and move on with our day. GlassWorm exploits that trust, and because an extension runs with the developer’s own access to source, tokens and build pipelines, the downstream effects can be massive when infected components make their way into production applications.
WordPress: The Usual Suspect
On a slightly smaller scale but still significant, we’ve got a SQL injection vulnerability affecting the Quiz and Survey Master plugin that’s installed on about 40,000 WordPress sites. SQL injection in 2026 feels a bit like finding a fax machine in a modern office – outdated, but still capable of causing real damage.
The silver lining here is that 40,000 sites, while not trivial, is relatively contained compared to some WordPress plugin vulnerabilities we’ve seen. Still, if you’re running this plugin, update it now.
What This All Means for Us
Looking at this week’s vulnerabilities, I’m struck by a few patterns that we really need to address as a community. First, the persistence of old vulnerabilities is genuinely alarming. That five-year-old GitLab flaw should have been patched and forgotten long ago, but here we are in 2026 still dealing with it.
Second, the window between disclosure and exploitation keeps shrinking. The SolarWinds flaw was added to CISA’s KEV catalog almost immediately, which means exploitation was confirmed in the wild about as fast as the flaw became public; attackers had exploits ready to go. This compressed timeline between disclosure and exploitation means our patch management processes need to be faster and more efficient.
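One concrete way to act on that timeline is to run the KEV feed against your own asset inventory and sort by remediation deadline, so a new listing for something you run surfaces the same day. The script below is an added example, not from the original post and not a CISA tool. It uses the real feed’s field names, but every value in the embedded sample (including the placeholder CVE ids) and the inventory list is constructed for the example; `fetch_kev` assumes the feed URL CISA publishes and is only used if you call it.

```python
import json
import urllib.request
from datetime import date

KEV_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed sample in the shape of CISA's KEV JSON feed. Field names match the
# real feed; every value below, CVE ids included, is a placeholder, not catalog data.
SAMPLE_KEV_JSON = json.dumps({
    "title": "constructed sample, not the CISA catalog",
    "vulnerabilities": [
        {"cveID": "CVE-0000-0001", "vendorProject": "SolarWinds", "product": "Web Help Desk",
         "vulnerabilityName": "placeholder deserialization flaw", "dateAdded": "2026-02-02",
         "shortDescription": "placeholder", "requiredAction": "Apply updates per vendor instructions.",
         "dueDate": "2026-02-23", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-0000-0002", "vendorProject": "GitLab", "product": "GitLab CE/EE",
         "vulnerabilityName": "placeholder older flaw", "dateAdded": "2026-01-15",
         "shortDescription": "placeholder", "requiredAction": "Apply updates per vendor instructions.",
         "dueDate": "2026-02-05", "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-0000-0003", "vendorProject": "OtherVendor", "product": "Something We Do Not Run",
         "vulnerabilityName": "placeholder", "dateAdded": "2026-02-03",
         "shortDescription": "placeholder", "requiredAction": "Apply updates per vendor instructions.",
         "dueDate": "2026-02-24", "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed inventory: (vendor, product) pairs as your CMDB names them.
INVENTORY = [("SolarWinds", "Web Help Desk"), ("gitlab", "GitLab CE/EE")]


def normalize(text):
    """Case- and whitespace-insensitive key; KEV product strings are free text."""
    return " ".join(text.lower().split())


def fetch_kev(url=KEV_URL, timeout=30):
    """Download the live feed (network access; not used by the offline demo)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def load_kev(raw_json):
    return json.loads(raw_json)["vulnerabilities"]


def triage(entries, inventory, today):
    """Return KEV entries that match the inventory, earliest deadline first,
    with the days remaining (negative once the deadline has passed)."""
    wanted = {(normalize(v), normalize(p)) for v, p in inventory}
    hits = []
    for entry in entries:
        key = (normalize(entry["vendorProject"]), normalize(entry["product"]))
        if key not in wanted:
            continue
        due = date.fromisoformat(entry["dueDate"])
        hits.append({
            "cve": entry["cveID"],
            "vendor": entry["vendorProject"],
            "product": entry["product"],
            "added": date.fromisoformat(entry["dateAdded"]),
            "due": due,
            "days_left": (due - today).days,
            "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
        })
    # Earliest deadline first; ties broken by known ransomware use.
    hits.sort(key=lambda h: (h["due"], not h["ransomware"]))
    return hits


if __name__ == "__main__":
    for hit in triage(load_kev(SAMPLE_KEV_JSON), INVENTORY, date.today()):
        state = "OVERDUE" if hit["days_left"] < 0 else f"{hit['days_left']} days left"
        print(f"{hit['cve']:14} {hit['vendor']} {hit['product']}: due {hit['due']} ({state})")
```

Exact name matching is deliberately naive: the feed’s `vendorProject` and `product` strings are human-written and do not always match what your inventory calls the same product, so in practice you map them to CPEs or maintain an alias table, and you treat a near miss as something to look at rather than ignore. The `dueDate` binds federal civilian agencies under BOD 22-01, but it is a sound prioritization signal for everyone else, because it only exists for flaws already being exploited.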
Finally, the targeting of development tools and ecosystems shows that attackers understand the multiplier effect. Why compromise one system when you can poison a tool that will spread your malware to dozens or hundreds of downstream targets?
The reality is that our security posture is only as strong as our oldest, most forgotten system. Those GitLab instances still carrying a flaw from 2021 might seem like ancient history, but they’re very much a present-day problem if they’re still running and accessible.