
45 matches found

Tenable Nessus
added 2026/05/08 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-44244

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.setvalue passes values to Python's configparser...

CVSS 7.8 | AI score 7.2 | EPSS 0.00023
Exploits: 1 | References: 3
HackRead
added 2026/04/29 9:1 a.m. | 4 views

Cursor AI IDE vulnerability allows code execution via hidden Git hooks

Novee researchers find high-severity CVE-2026-26268 flaw in Cursor AI, allowing hackers to run malicious code when developers clone repositories...

CVSS 9.9 | AI score 5.3 | EPSS 0.00022
Exploits: 0
Tenable Nessus
added 2026/02/20 12:0 a.m. | 2 views

Cursor < 2.5 RCE (GHSA-8pcm-8jpx-hv8r)

The version of Cursor installed on the remote host is prior to 2.5. It is, therefore, affected by a remote code execution vulnerability: - A malicious agent ie prompt injection could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox remote code...

CVSS 9.9 | AI score 6.4 | EPSS 0.00022
Exploits: 0 | References: 2
Cvelist
added 2026/02/19 2:25 a.m. | 28 views

CVE-2026-25232 Gogs has a Protected Branch Deletion Bypass in Web Interface

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have an access control bypass vulnerability which allows any repository collaborator with Write permissions to delete protected branches including the default branch by sending a direct POST request, completely bypassing th...

CVSS 7.1 | EPSS 0.00016
Exploits: 1 | References: 4
RedhatCVE
added 2026/02/14 7:22 p.m. | 4 views

CVE-2026-26268

Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent ie prompt injection could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time th...

CVSS 9.9 | AI score 5.7 | EPSS 0.00022
Exploits: 0 | References: 1
GithubExploit
added 2026/02/14 1:41 p.m. | 256 views

Exploit for OS Command Injection in Gitea

Gitea Git Hooks RCE CVE-2020-14144 OffsecProvingGrounds P...

CVSS 7.2 | AI score 5.8 | EPSS 0.93529
Exploits: 12
NVD
added 2026/02/13 5:16 p.m. | 2 views

CVE-2026-26268

Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent ie prompt injection could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time th...

CVSS 9.9 | EPSS 0.00022
Exploits: 0 | References: 1
OSV
added 2026/02/13 4:54 p.m. | 1 view

CVE-2026-26268 Cursor sandbox escape via Git hooks

Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent ie prompt injection could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time th...

CVSS 8 | AI score 6 | EPSS 0.00022
Exploits: 0 | References: 3
CVE
added 2026/02/13 4:54 p.m. | 13 views

CVE-2026-26268

Cursor code editor contains a sandbox-escape vulnerability: prior to v2.5, a malicious agent could write to protected .git settings (including hooks), enabling out-of-sandbox RCE on next trigger without user interaction. Affected versions are before 2.5; fix is in 2.5. CVSSv3.1 metrics indicate h...

CVSS 9.9 | AI score 5.7 | EPSS 0.00022
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2026/02/13 4:54 p.m. | 26 views

CVE-2026-26268 Cursor sandbox escape via Git hooks

Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent ie prompt injection could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time th...

CVSS 8 | EPSS 0.00022
Exploits: 0 | References: 1
Vulnrichment
added 2026/02/13 4:54 p.m. | 3 views

CVE-2026-26268 Cursor sandbox escape via Git hooks

Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent ie prompt injection could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time th...

CVSS 8 | AI score 5.7 | EPSS 0.00022
Exploits: 0 | References: 1
Positive Technologies
added 2026/02/13 12:0 a.m. | 1 view

PT-2026-8013

Name of the Vulnerable Software and Affected Versions Cursor versions prior to 2.5 Description A sandbox escape allows for remote code execution RCE when the AI agent autonomously performs Git operations. A malicious actor can hide scripts within hidden Git hooks in nested bare repositories or us...

CVSS 9.9 | AI score 6.8 | EPSS 0.00022
Exploits: 0 | References: 38
GithubExploit
added 2026/02/10 12:30 a.m. | 122 views

Exploit for Path Traversal in Gogs

Affected Software: Gogs self‑hosted Git service versions pri...

CVSS 8.8 | AI score 6.6 | EPSS 0.17737
Exploits: 14
Snyk
added 2026/02/06 6:52 p.m. | 4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the SettingsGitHooksEdit function, accessible via the name parameter to the /username/reponame/settings/hooks/git endpoint. An admin user with AllowGitHook privilege can read and write arbitrary files on the serve...

CVSS 8.5 | AI score 6.5 | EPSS 0.00031
Exploits: 1 | References: 2
Snyk
added 2026/02/06 6:52 p.m. | 3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the SettingsGitHooksEdit function, accessible via the name parameter to the /username/reponame/settings/hooks/git endpoint. An admin user with AllowGitHook privilege can read and write arbitrary files on the serve...

CVSS 8.5 | AI score 6.5 | EPSS 0.00031
Exploits: 1 | References: 2
NVD
added 2026/02/06 6:15 p.m. | 4 views

CVE-2026-23633

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, there is an arbitrary file read/write via path traversal in Git hook editing. This issue has been patched in versions 0.13.4 and 0.14.0+dev...

CVSS 6.5 | EPSS 0.00031
Exploits: 1 | References: 1
OSV
added 2026/02/06 5:46 p.m. | 3 views

CVE-2026-23633 Gogs has arbitrary file read/write via path traversal in Git hook editing

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, there is an arbitrary file read/write via path traversal in Git hook editing. This issue has been patched in versions 0.13.4 and 0.14.0+dev...

CVSS 6.5 | AI score 5.4 | EPSS 0.00031
Exploits: 1 | References: 3
Positive Technologies
added 2026/02/06 12:0 a.m. | 2 views

PT-2026-6863

Vulnerability Description In the endpoint: /username/reponame/settings/hooks/git/:name the :name parameter: Is URL-decoded by macaron routing, allowing decoded slashes / Is then passed directly to: go git.Repository.Hook"custom hooks", name which internally resolves the path as: go...

CVSS 6.5 | AI score 5.5 | EPSS 0.00031
Exploits: 1 | References: 6
Veracode
added 2026/01/12 7:52 a.m. | 2 views

Remote Code Execution (RCE)

n8n is vulnerable to Remote Code Execution. The vulnerability is due to insufficient restriction of Git configuration values, where workflows using the Git node can set core.hooksPath to a malicious location, causing arbitrary commands to execute on the n8n host via crafted Git hooks during...

CVSS 9.4 | AI score 7.8 | EPSS 0.00033
Exploits: 1 | References: 3 | Affected Software: 2
Snyk
added 2025/12/08 9:30 p.m. | 2 views

Unsafe Dependency Resolution

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the Git node process, leading to code execution. A user can execute arbitrary system commands by setting a malicious core.hooksPath configuration and including a...

CVSS 9.9 | AI score 7.9 | EPSS 0.00033
Exploits: 1 | References: 2