{"vulnerability": "cve-2026-44895", "sightings": [{"uuid": "9170a09b-769f-423a-8e91-b8b204684913", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-44895", "type": "published-proof-of-concept", "source": "https://github.com/advisories/GHSA-8jr5-6gvj-rfpf", "content": "", "creation_timestamp": "2026-05-09T00:10:28.000000Z"}, {"uuid": "eb1c88ef-39cf-4e9c-9757-20faeece6f92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-44895", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mms7an3cam2j", "content": "CRITICAL: CVE-2026-44895 in yoda-digital mcp-gitlab-server < 0.6.0 exposes unauthenticated, mutation-capable RPC endpoints. Upgrade to 0.6.0+ now to secure GitLab access. https://radar.offseq.com/threat/cve-2026-44895-cwe-306-missing-authentication-for--bc836ac6 #OffSeq #Vulnerability #GitLab", "creation_timestamp": "2026-05-27T00:00:39.240457Z"}, {"uuid": "47158896-8a53-41a0-ad42-0daa3309d757", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-44895", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116643596586856381", "content": "\ud83d\udea8 CRITICAL: CVE-2026-44895 in yoda-digital mcp-gitlab-server (<0.6.0) allows unauthenticated access to a mutation-capable RPC endpoint, risking full GitLab resource compromise. Upgrade to 0.6.0+ ASAP. https://radar.offseq.com/threat/cve-2026-44895-cwe-306-missing-authentication-for--bc836ac6 #OffSeq #Vuln #GitLab #CVE202644895", "creation_timestamp": "2026-05-27T00:00:39.355225Z"}]}