yoda-digital mcp-gitlab-server < 0.6.0 — no-auth SSE RPC endpoint bound to 0.0.0.0 with wildcard CORS exposes operator GitLab PAT (CVSS 4.0 = 9.2; GHSA-8jr5-6gvj-rfpf); noted in § 7 (niche package)
cve · CVE-2026-44895
Coverage timeline
0
first 2026-05-27 → last 2026-05-27
no data
Peak priority
—
no matching entries
Sources cited
0
0 hosts
Sections touched
0
—
Co-occurring entities
0
no co-occurrence
ATT&CK techniques
0
no mapped behavior yet
Story timeline
No published entries reference this entity yet.
Entries about yoda-digital mcp-gitlab-server < 0.6.0 — no-auth SSE RPC endpoint bound to 0.0.0.0 with wildcard CORS exposes operator GitLab PAT (CVSS 4.0 = 9.2; GHSA-8jr5-6gvj-rfpf); noted in § 7 (niche package)
No published entry references this entity yet · entries match by registry key, by the entity's name or a public alias appearing in the entry title or body, or (for CVE entities) by exact CVE id.