securityaffairs.com, 2/19/2026, 3:45:51 PM

U.S. CISA adds Dell RecoverPoint and GitLab flaws to its Known Exploited Vulnerabilities catalog

CyberSIXT Evidence Panel
Primary source: cisa.gov
CISA KEV: listed in KEV
Patch: patch available
Threat actor: UNC6201

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two flaws to its Known Exploited Vulnerabilities (KEV) catalog: a Server-Side Request Forgery (SSRF) vulnerability in GitLab, tracked as CVE-2021-22175, and a hard-coded credentials vulnerability in Dell RecoverPoint for Virtual Machines (RP4VMs), tracked as CVE-2026-22769.

The GitLab SSRF vulnerability, CVE-2021-22175, is listed with a CVSS score of 6.8. According to the advisory, it can be exploited by an unauthenticated attacker whenever webhook requests to the local network are enabled, even on GitLab instances where registration is disabled. The flaw dates from 2021, so an instance that is still affected has gone several years without the fix.
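To make the exploitation condition concrete: a webhook dispatcher that honours "allow requests to the local network" will fetch loopback, RFC 1918 and cloud-metadata addresses on behalf of whoever can register a hook. The following Python is an added example, not GitLab's code and not from the article; it shows the target validation a safe dispatcher needs. The hostnames and the resolver table are constructed so the block runs offline, `allow_local=True` reproduces the weak configuration the advisory warns about, and the `allowlist` parameter is this example's stand-in for a per-host exception list.

```python
"""Webhook target validation against internal-network SSRF (added example)."""
import ipaddress
from typing import Callable, Dict, List, Tuple
from urllib.parse import urlsplit

# Constructed resolver table standing in for DNS so the example runs offline.
# Hostnames are hypothetical. Ordinary public addresses are used for the
# "external" answers because the RFC 5737 / RFC 3849 documentation ranges are
# classified as non-global by Python's ipaddress module.
FAKE_DNS: Dict[str, List[str]] = {
    "hooks.example.com": ["93.184.216.34"],
    "ci.corp.internal": ["10.0.0.5"],
    "rebind.example.net": ["93.184.216.34", "127.0.0.1"],  # split public/loopback answers
    "metadata.example": ["169.254.169.254"],               # cloud metadata endpoint
    "v6.example.com": ["2001:4860:4860::8888"],
    "mapped.example": ["::ffff:10.0.0.5"],                  # IPv4-mapped IPv6 hiding RFC 1918
}


def fake_resolve(host: str) -> List[str]:
    """Stand-in for socket.getaddrinfo(): returns every A/AAAA answer for host."""
    return FAKE_DNS.get(host.lower(), [])


def is_internal_address(addr: str) -> bool:
    """True for any address a webhook must never reach: loopback, RFC 1918,
    link-local (which covers 169.254.169.254), multicast, reserved, unspecified,
    and IPv4-mapped IPv6 spellings of the same."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # unwrap ::ffff:a.b.c.d so the IPv4 rules apply
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_webhook_target(url: str,
                         allow_local: bool = False,
                         allowlist: Tuple[str, ...] = (),
                         resolve: Callable[[str], List[str]] = fake_resolve) -> Tuple[bool, str]:
    """Decide whether a webhook URL may be dispatched.

    Returns (True, pinned_ip) or (False, reason). The caller must connect to
    pinned_ip (sending the original Host header) rather than re-resolving the
    name, otherwise a rebinding resolver can change the answer between the
    check and the connect.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed: %r" % parts.scheme
    host = parts.hostname
    if not host:
        return False, "no host in URL"
    try:
        ipaddress.ip_address(host)
        answers = [host]  # literal IP: nothing to resolve
    except ValueError:
        # Obfuscated spellings (decimal, octal, short forms) are handled here
        # because we validate what the resolver returns, not the text.
        answers = resolve(host)
    if not answers:
        return False, "unresolvable host: %s" % host
    if not allow_local and host not in allowlist:
        # Every answer must pass: a single internal record among public ones is
        # enough to steer the request inside the network.
        for addr in answers:
            if is_internal_address(addr):
                return False, "%s resolves to internal address %s" % (host, addr)
    return True, answers[0]


if __name__ == "__main__":
    for target in ("https://hooks.example.com/ci",
                   "http://ci.corp.internal/trigger",
                   "http://rebind.example.net/",
                   "http://metadata.example/latest/meta-data/",
                   "http://mapped.example/",
                   "http://127.0.0.1:8080/admin"):
        print(target, "->", check_webhook_target(target))
    # The weak configuration: local requests permitted, so the internal host passes.
    print("allow_local=True ->", check_webhook_target("http://ci.corp.internal/trigger", allow_local=True))
```

The check is deliberately applied to every resolved address and the chosen address is returned for pinning; validating only the first answer, or re-resolving inside the HTTP client, reopens the hole through DNS rebinding. When auditing a GitLab instance, the corresponding switch is the outbound-requests setting that the application settings API exposes as `allow_local_requests_from_web_hooks_and_services`.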

The Dell RP4VMs flaw, CVE-2026-22769, involves hard-coded credentials and carries a CVSS v3.1 score of 10.0. Google Threat Intelligence Group and Mandiant describe it as exploited since mid-2024 by the threat cluster tracked as UNC6201, which used it to move laterally and to deploy malware including SLAYSTYLE, BRICKSTORM and a backdoor named GRIMBOLT, according to the Google Threat Intelligence report cited in the article.

The threat activity surrounding these flaws has included advanced techniques such as Ghost NICs and iptables-based Single Packet Authorization (SPA). Citing Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, officials urge federal agencies to patch by 21 February 2026 and private organisations by 11 March 2026. BOD 22-01 is binding only on Federal Civilian Executive Branch agencies; for everyone else the KEV due dates are CISA's recommendation, but a flaw with confirmed in-the-wild exploitation and a CVSS 10.0 hard-coded credential should be treated as a patch-now item regardless.

The article also notes that GreyNoise had observed exploitation attempts in March 2025, suggesting attackers were using Grafana as an entry point before the SSRF surge.


Article by CyberSIXT