CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/05/26 2:8 p.m.•35 views

CVE-2026-40034 gitoxide - Command Injection via Partial .gitmodules Override in gix-submodule

gix-submodule before 0.29.0 gitoxide before 0.5.21, gix before 0.84.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized with only partial configuration in .git/config. An...

8.5CVSS0.00019EPSS

Vulnrichment•added 2026/05/26 2:8 p.m.•4 views

CVE-2026-40034 gitoxide - Command Injection via Partial .gitmodules Override in gix-submodule

gix-submodule before 0.82.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized with only partial configuration in .git/config. An attacker can inject arbitrary shell commands vi...

8.5CVSS6.2AI score0.00019EPSS

CNNVD•added 2026/05/26 12:0 a.m.•5 views

gitoxide 安全漏洞

GitOxide is a Git implementation written in Rust by Sebastian Thiel. Versions of GitOxide prior to 0.82.0 contained a security vulnerability, which stemmed from improper validation of the update field in.gitmodules. This vulnerability could allow attackers to bypass the...

8.5CVSS6AI score0.00019EPSS

Tenable Nessus•added 2026/05/14 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2026-44471

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit...

NVD•added 2026/05/13 10:16 p.m.•10 views

Exploits1References3

CVE-2026-44471

gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink into any existing directory the user has write access to. During checkout, all symlink index entries...

7.8CVSS0.00006EPSS

OSV•added 2026/05/13 10:16 p.m.•5 views

DEBIAN-CVE-2026-44471

UbuntuCve•added 2026/05/13 10:16 p.m.•4 views

CVE-2026-44471

OSV•added 2026/05/13 10:16 p.m.•3 views

Exploits1References2

UBUNTU-CVE-2026-44471

Cvelist•added 2026/05/13 9:36 p.m.•28 views

Exploits1References3

CVE-2026-44471 gitoxide: Symlink prefix-reuse allows worktree escape during checkout

7.8CVSS0.00006EPSS

Vulnrichment•added 2026/05/13 9:36 p.m.•4 views

CVE-2026-44471 gitoxide: Symlink prefix-reuse allows worktree escape during checkout

Debian CVE•added 2026/05/13 9:36 p.m.•4 views

CVE-2026-44471

CVE•added 2026/05/13 9:36 p.m.•6 views

Exploits1

CVE-2026-44471

CVE-2026-44471 affects gitoxide prior to 0.21.1. A crafted tree can cause symlink prefix reuse during checkout, allowing an attacker-controlled symlink to be created into any writable directory via the worktree checkout flow. The vulnerability arises because certain cache/prefix handling in gix_f...

Exploits1References1Affected Software1

ATTACKERKB•added 2026/05/13 9:36 p.m.•4 views

CVE-2026-44471

Exploits1References2Affected Software1

CNNVD•added 2026/05/13 12:0 a.m.•5 views

gitoxide 后置链接漏洞

GitOxide is a Git implementation written in Rust by Sebastian Thiel. Versions of GitOxide prior to 0.21.1 had a backlink vulnerability. This vulnerability stemmed from defects in the handling of symbolic link entries during the checkout process, which could allow attackers to create malicious tre...

OSV•added 2026/05/07 12:1 a.m.•3 views

GHSA-F89H-2FJH-2R9Q gix-fs: Symlink prefix-reuse allows worktree escape during checkout

Summary A malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink into any existing directory the user has write access to. Details During checkout, all symlink index entries are deferred and created after regular files using a...

7.8CVSS6.1AI score0.00006EPSS

Exploits1References3

Github Security Blog•added 2026/05/07 12:1 a.m.•4 views

gix-fs: Symlink prefix-reuse allows worktree escape during checkout

7.8CVSS6.1AI score0.00006EPSS

Exploits1References3Affected Software1

Positive Technologies•added 2026/05/07 12:0 a.m.•5 views

PT-2026-38320

Name of the Vulnerable Software and Affected Versions gitoxide versions prior to 0.21.1 Description A malicious tree can be constructed that, when checked out, allows writing an attacker-controlled symlink into any directory where the user has write access. This occurs because gix fs::Stack::make...