CVE-2026-44740

Published: Giu 01, 2026 Last Modified: Giu 01, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 6,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high

Description

AI Translation Available

Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficient validation and missing safety mechanisms such as cycle detection, recursion limits, or defensive handling of unexpected states when processing untrusted repository data and filesystem structures. This issue has been patched in versions 5.9.0 and 6.0.0-alpha.1.

674

Uncontrolled Recursion

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Availability Confidentiality
Potential Impacts:
Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Read Application Data
Applicable Platforms
All platforms may be affected
View CWE Details
835

Loop with Unreachable Exit Condition ('Infinite Loop')

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Availability
Potential Impacts:
Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Dos: Amplification
Applicable Platforms
All platforms may be affected
View CWE Details
https://github.com/go-git/go-billy/releases/tag/v5.9.0
https://github.com/go-git/go-billy/releases/tag/v5.9.0
https://github.com/go-git/go-billy/releases/tag/v6.0.0-alph…
https://github.com/go-git/go-billy/releases/tag/v6.0.0-alpha.1
https://github.com/go-git/go-billy/security/advisories/GHSA…
https://github.com/go-git/go-billy/security/advisories/GHSA-m3xc-h892-ggx6