Over 5,300 Gitlab servers exposed to zero-click account takeover attacks (opens in new tab)

CVSS 10... does not bypass MFA though at least. Still sucks for those who went the hosted option over SaaS.