








I hope it is clear when CISA is reporting a "Known Exploited Vulnerability" that if you have the application exposed on the internet you are already compromised. Many of the alerts are for exploits present for years.
Critical GitLab Bug Under Exploit Enables Account Takeover, CISA Warns: https://t.co/VdPd3YxYcE by darkreading #infosec #cybersecurity #technology #news
A critical @gitlab vulnerability that could enable account takeover was added to the @CISAgov Known Exploited Vulnerabilities (KEV) Catalog. #cybersecurity #infosec #ITsecurity https://t.co/hWlRdJyBeO

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a critical vulnerability in GitLab that is being actively exploited. The flaw, identified as CVE-2023-7028, allows attackers to take over accounts by having password reset emails sent to unverified addresses. This vulnerability has led to the compromise of approximately 1,400 GitLab servers. CISA has urged users to update to the latest patched versions immediately to mitigate the risk. The issue has also been added to CISA's Known Exploited Vulnerabilities catalog, emphasizing the urgency and severity of the threat.