CVE-2026-45571

Published: Mag 27, 2026 Last Modified: Mag 27, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,4

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: required

Scope: unchanged

Confidentiality: none

Integrity: low

Availability: low

Description

AI Translation Available

go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a path validation issue in go-git could allow crafted repository data to affect files outside the intended checkout target, including the repository's .git directory. These validations were introduced in upstream Git years ago, so the vulnerability arose from go-git drifting from those checks. This vulnerability is fixed in 5.19.1 and 6.0.0-alpha.4.

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Stable

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability

Potential Impacts:

Execute Unauthorized Code Or Commands Modify Files Or Directories Read Files Or Directories Dos: Crash, Exit, Or Restart

Applicable Platforms

Technologies: AI/ML

Likelihood of Exploit: High

View CWE Details

https://github.com/go-git/go-git/security/advisories/GHSA-c…

https://github.com/go-git/go-git/security/advisories/GHSA-crhj-59gh-8x96

CVE-2026-45571

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Common Consequences

Applicable Platforms

Iscriviti alla newsletter