59 matches found
CVE-2026-8765
A vulnerability was detected in Kilo-Org kilocode up to 7.0.47. This vulnerability affects the function Bun.file of the file packages/opencode/src/kilocode/review/worktree-diff.ts of the component File Diff API Endpoint. Performing a manipulation of the argument File results in path traversal. It...
CVE-2026-40068
In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker could craft a malicious repository with a commondir file pointing to a path the victim had previously trusted, causing Claude Co...
CVE-2026-8765 Kilo-Org kilocode File Diff API Endpoint worktree-diff.ts Bun.file path traversal
A vulnerability was detected in Kilo-Org kilocode up to 7.0.47. This vulnerability affects the function Bun.file of the file packages/opencode/src/kilocode/review/worktree-diff.ts of the component File Diff API Endpoint. Performing a manipulation of the argument File results in path traversal. It...
CVE-2026-8765 Kilo-Org kilocode File Diff API Endpoint worktree-diff.ts Bun.file path traversal
A vulnerability was detected in Kilo-Org kilocode up to 7.0.47. This vulnerability affects the function Bun.file of the file packages/opencode/src/kilocode/review/worktree-diff.ts of the component File Diff API Endpoint. Performing a manipulation of the argument File results in path traversal. It...
CVE-2026-8765
The CVE-2026-8765 entry concerns Kilo-Org kilocode up to version 7.0.47. It affects the Bun.file function in packages/opencode/src/kilocode/review/worktree-diff.ts of the File Diff API Endpoint. The underlying issue is a path traversal vulnerability caused by manipulating the File argument, allow...
CVE-2026-44471 gitoxide: Symlink prefix-reuse allows worktree escape during checkout
gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink into any existing directory the user has write access to. During checkout, all symlink index entries...
CVE-2026-44471 gitoxide: Symlink prefix-reuse allows worktree escape during checkout
gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink into any existing directory the user has write access to. During checkout, all symlink index entries...
CVE-2026-44471
CVE-2026-44471 affects gitoxide prior to 0.21.1. A crafted tree can cause symlink prefix reuse during checkout, allowing an attacker-controlled symlink to be created into any writable directory via the worktree checkout flow. The vulnerability arises because certain cache/prefix handling in gix_f...
GHSA-F89H-2FJH-2R9Q gix-fs: Symlink prefix-reuse allows worktree escape during checkout
Summary A malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink into any existing directory the user has write access to. Details During checkout, all symlink index entries are deferred and created after regular files using a...
gix-fs: Symlink prefix-reuse allows worktree escape during checkout
Summary A malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink into any existing directory the user has write access to. Details During checkout, all symlink index entries are deferred and created after regular files using a...
CVE-2026-40068
In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker could craft a malicious repository with a commondir file pointing to a path the victim had previously trusted, causing Claude Co...
CVE-2026-40068 Claude Code arbitrary code execution via git worktree commondir trust dialog bypass
In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker could craft a malicious repository with a commondir file pointing to a path the victim had previously trusted, causing Claude Co...
CVE-2026-40068 Claude Code arbitrary code execution via git worktree commondir trust dialog bypass
In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker could craft a malicious repository with a commondir file pointing to a path the victim had previously trusted, causing Claude Co...
EUVD-2026-27502
In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker could craft a malicious repository with a commondir file pointing to a path the victim had previously trusted, causing Claude Co...
CVE-2026-40068
CVE-2026-40068 affects Claude Code versions 2.1.63–2.1.83. The vulnerability arises from trusting the git worktree commondir file without validating its contents, allowing a crafted repository to point to a previously trusted path. This could bypass the trust dialog and cause immediate execution ...
GHSA-PG4W-G64P-QWHJ gix and gitoxide's symlinked .gitmodules are followed and parsed from outside of the repository
Summary attachments: pocs.zip When Repository::submodules loads submodule metadata, it prefers the worktree .gitmodules file if that path exists. In the current implementation, the path is read with std::fs::read, which follows symlinks. As a result, a repository can present a symlinked .gitmodul...
gix and gitoxide's symlinked .gitmodules are followed and parsed from outside of the repository
Summary attachments: pocs.zip When Repository::submodules loads submodule metadata, it prefers the worktree .gitmodules file if that path exists. In the current implementation, the path is read with std::fs::read, which follows symlinks. As a result, a repository can present a symlinked .gitmodul...
PT-2026-38896
Summary attachments: pocs.zip When Repository::submodules loads submodule metadata, it prefers the worktree .gitmodules file if that path exists. In the current implementation, the path is read with std::fs::read, which follows symlinks. As a result, a repository can present a symlinked .gitmodul...
Claude Code 输入验证错误漏洞
Claude Code is a native AI programming tool developed by Anthropic. In versions 2.1.63 to 2.1.83 of Claude Code, there is a vulnerability related to input validation errors. This vulnerability arises from the lack of validation for the content of the git worktree commondir file in the folder trus...
Arbitrary Command Injection
Claude Code is vulnerable to Arbitrary Command Injection. The vulnerability is due to lack of validation of the git worktree commondir file when determining folder trust, which allows an attacker to bypass trust checks and execute malicious hooks...