Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
πŸ”₯ Daily Hot!
πŸ’ͺ🏽 CPE Enhanced Advisories
πŸ•Ά Shadow Exploits
πŸ•΅πŸΌ Vulners CPE
πŸ” Security news
πŸ’» Exploit updates
πŸ“‘ Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
πŸ€– AI High Score
πŸ“° CVE Feed
show all

374 matches found

RedhatCVE
RedhatCVEβ€’added 6 days agoβ€’7 views

CVE-2026-52726

A flaw was found in Dulwich, a pure-Python implementation of Git file formats and protocols. This vulnerability allows a remote attacker to achieve arbitrary code execution by crafting a malicious Git submodule. When a user clones or updates a repository with such a submodule, the...

7.5CVSS6.4AI score0.00448EPSS
Exploits0References5
SUSE CVE
SUSE CVEβ€’added 2026/06/12 2:25 a.m.β€’6 views

SUSE CVE-2026-52726

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted...

7.5CVSS5.7AI score0.00448EPSS
Exploits0References3
Tenable Nessus
Tenable Nessusβ€’added 2026/06/11 12:0 a.m.β€’7 views

Linux Distros Unpatched Vulnerability : CVE-2026-52726

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5,...

7.5CVSS7.4AI score0.00448EPSS
Exploits0References4
NVD
NVDβ€’added 2026/06/10 11:16 p.m.β€’21 views

CVE-2026-52726

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted...

7.5CVSS0.00448EPSS
Exploits0References2
OSV
OSVβ€’added 2026/06/10 11:16 p.m.β€’6 views

DEBIAN-CVE-2026-52726

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted...

7.5CVSS5.8AI score0.00448EPSS
Exploits0References1
OSV
OSVβ€’added 2026/06/10 11:16 p.m.β€’5 views

UBUNTU-CVE-2026-52726

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted...

7.5CVSS5.7AI score0.00448EPSS
Exploits0References4
Snyk
Snykβ€’added 2026/06/10 11:12 p.m.β€’5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the porcelain.submoduleupdate module when handling attacker-controlled submodule paths from a crafted upstream repository without proper path validation. An attacker can achieve arbitrary code execution by crafti...

8.3CVSS6.1AI score0.00448EPSS
Exploits0References2
Vulnrichment
Vulnrichmentβ€’added 2026/06/10 10:13 p.m.β€’6 views

CVE-2026-52726 Dulwich's submodule path traversal in porcelain.submodule_update / porcelain.clone(recurse_submodules=True) yields RCE via attacker-dropped .git/hooks payload

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted...

7.5CVSS5.8AI score0.00448EPSS
Exploits0References2
EUVD
EUVDβ€’added 2026/06/10 10:13 p.m.β€’7 views

EUVD-2026-36195

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted...

7.5CVSS5.8AI score0.00448EPSS
Exploits0References2
CVE
CVEβ€’added 2026/06/10 10:13 p.m.β€’15 views

CVE-2026-52726

Technical details about CVE-2026-52726 are not publicly provided in the supplied documents; monitor for updates.

7.5CVSS5.8AI score0.00448EPSS
Exploits0References2
Cvelist
Cvelistβ€’added 2026/06/10 10:13 p.m.β€’27 views

CVE-2026-52726 Dulwich's submodule path traversal in porcelain.submodule_update / porcelain.clone(recurse_submodules=True) yields RCE via attacker-dropped .git/hooks payload

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted...

7.5CVSS0.00448EPSS
Exploits0References2
Debian CVE
Debian CVEβ€’added 2026/06/10 10:13 p.m.β€’8 views

CVE-2026-52726

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted...

7.5CVSS5.8AI score0.00448EPSS
Exploits0
Drupal
Drupalβ€’added 2026/06/10 12:0 a.m.β€’9 views

Examples for Developers - Moderately critical - Access bypass - SA-CONTRIB-2026-044

The Examples for Developers project aims to provide high-quality, well-documented API examples for a broad range of Drupal core functionality. The "Read from a file" feature implemented by the fileexample submodule can be used to expose any file that PHP can access. Therefore, the fileexample...

5.5AI score
Exploits0References2
Positive Technologies
Positive Technologiesβ€’added 2026/06/10 12:0 a.m.β€’13 views

PT-2026-48568

πŸ”΄ CVE-2026-52726 is being exploited for RCE: attackers can drop malicious .git/hooks payloads via Dulwich's submodule path traversal flaw. This bypasses standard protections. Patch immediately to prevent full compromise. NerdieNews CyberSecurity Vulnerability https://t.co/tIoG1l3nqd...

7.5CVSS5.4AI score0.00448EPSS
Exploits0References4
CNNVD
CNNVDβ€’added 2026/06/10 12:0 a.m.β€’11 views

Dulwich θ·―εΎ„ιεŽ†ζΌζ΄ž

Dulwich is a Python-based Git repository management interface developed by Jelmer Vernooij. Versions of Dulwich from 0.23.2 to 1.2.5 contained a path traversal vulnerability. This vulnerability stemmed from the porcelain.submoduleupdate method not verifying the submodule paths properly. As a...

7.5CVSS5.6AI score0.00448EPSS
Exploits0References1
Microsoft CVE
Microsoft CVEβ€’added 2026/05/31 8:4 a.m.β€’4 views

gitoxide - Command Injection via Partial .gitmodules Override in gix-submodule

...

8.5CVSS5.3AI score0.00351EPSS
Exploits0
RedhatCVE
RedhatCVEβ€’added 2026/05/28 8:12 p.m.β€’10 views

CVE-2026-40034

gix-submodule before 0.29.0 gitoxide before 0.5.21, gix before 0.84.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized with only partial configuration in .git/config. An...

8.5CVSS6.2AI score0.00351EPSS
Exploits0References1
SUSE CVE
SUSE CVEβ€’added 2026/05/28 3:58 a.m.β€’13 views

SUSE CVE-2026-40034

gix-submodule before 0.29.0 gitoxide before 0.5.21, gix before 0.84.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized with only partial configuration in .git/config. An...

8.5CVSS6.2AI score0.00351EPSS
Exploits0References3
Tenable Nessus
Tenable Nessusβ€’added 2026/05/28 12:0 a.m.β€’8 views

Linux Distros Unpatched Vulnerability : CVE-2026-40034

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gix-submodule before 0.29.0 gitoxide before 0.5.21, gix before 0.84.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the...

8.5CVSS6.2AI score0.00351EPSS
Exploits0References2
Vulnrichment
Vulnrichmentβ€’added 2026/05/27 2:57 p.m.β€’8 views

CVE-2026-45571 go-git: Crafted repositories may modify main and submodule .git directories

go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a path validation issue in go-git could allow crafted repository data to affect files outside the intended checkout target, including the repository's .git directory. These validations were...

5.4CVSS5.8AI score0.00297EPSS
Exploits0References1
Rows per page
Query Builder