Home / Vulnerability Intelligence / CVE-2026-28292

CVE-2026-28292 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 11, 2026

simple-git - Remote Code Execution

Published: March 10, 2026Updated: March 11, 2026Remote Exploitable

Overview

simple-git 3.15.0 through 3.32.2 contains a remote code execution vulnerability caused by bypassing prior CVE fixes, letting remote attackers execute arbitrary code on the host machine, exploit requires network access.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 7.3%(Probability of exploitation in next 30 days)

Impact

Remote attackers can execute arbitrary code on the host machine, leading to full system compromise.

Mitigation

Upgrade to version 3.23.0 or later.

References

Social Media Activity(1 post)

HackerWorkspace

@hackerworkspace

Mar 11, 2026

CVE-2026-28292: simple-git Remote Code Execution - Case-Sensitivity Bypass (CVSS 9.8) https://www.codeant.ai/security-research/simple-git-remote-code-execution-cve-2026-28292 Short summary: https://hackerworkspace.com/article/cve-2026-28292-simple-git-remote-code-execution-case-sensitivity-bypass-cvss-9-8 #cybersecurity #vulnerability #exploit

View original post

Related Resources

Details

CVE ID: CVE-2026-28292
Severity: Critical
CVSS Score: 9.8
Type: undefined
Status: unconfirmed
EPSS: 7.3%
Social Posts: 1

CWE

CWE-78

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

7.3%Probability of exploitation in the next 30 days