CVE-2026-45571 in go-gitinfo

Zusammenfassung

von MITRE • 27.05.2026

go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a path validation issue in go-git could allow crafted repository data to affect files outside the intended checkout target, including the repository's .git directory. These validations were introduced in upstream Git years ago, so the vulnerability arose from go-git drifting from those checks. This vulnerability is fixed in 5.19.1 and 6.0.0-alpha.4.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

GitHub M

Reservieren

12.05.2026

Veröffentlichung

27.05.2026

Moderieren

akzeptiert

Eintrag

VDB-366379

CPE

bereit

CWE

CWE-22 (bestätigt)

CVSS

5.4 (CNA)

EPSS

0.00013

KEV

nein

Aktivitäten

very low

Sektor

Hostingprovider

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-45571
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-45571
CVE Details	https://www.cvedetails.com/cve/CVE-2026-45571/

◂ Zurück Übersicht Weiter ▸

Interested in the pricing of exploits?

See the underground prices here!