CVE-2026-44243 - Vulnerability Analysis
High | CVSS: 7.1 | Last Updated: May 7, 2026
GitPython - Path Traversal
Published: May 7, 2026 | Updated: May 7, 2026 | PoC Available
Overview
GitPython < 3.1.48 contains a path traversal vulnerability caused by insufficient validation of reference paths in reference creation, rename, and delete operations. It lets attackers write, overwrite, move, or delete files outside the .git directory. Exploitation requires the attacker to supply crafted reference paths.
Severity & Score
Severity: High
CVSS Score: 7.1
Impact
Attackers can modify or delete files outside the repository, potentially leading to data loss or system compromise.
Mitigation
Update to version 3.1.48 or later.
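For code that passes untrusted reference names to GitPython, a containment check of the following kind rejects paths that would resolve outside the .git directory. This is an added example, not GitPython's code or its 3.1.48 fix; `safe_ref_path`, `classify`, `demo` and the sample paths are constructed for illustration.

```python
import os
import tempfile

def safe_ref_path(git_dir, ref_path):
    """Map a reference path to a file under git_dir; raise ValueError if it escapes."""
    if not ref_path or "\x00" in ref_path:
        raise ValueError("empty or NUL-containing reference path")
    parts = ref_path.replace("\\", "/").split("/")
    # Rejects absolute paths (leading empty component), '//' runs, '.' and '..',
    # and a drive prefix such as 'C:' in the first component.
    if any(p in ("", ".", "..") for p in parts) or ":" in parts[0]:
        raise ValueError(f"unsafe component in reference path {ref_path!r}")
    base = os.path.realpath(git_dir)
    # realpath also resolves symlinks, so a link inside .git that points
    # elsewhere is caught by the containment check below.
    target = os.path.realpath(os.path.join(base, *parts))
    if os.path.commonpath([base, target]) != base:
        raise ValueError(f"reference path {ref_path!r} resolves outside {base}")
    return target

def classify(git_dir, ref_paths):
    """Return {ref_path: True if accepted, False if rejected}."""
    verdicts = {}
    for ref in ref_paths:
        try:
            safe_ref_path(git_dir, ref)
            verdicts[ref] = True
        except ValueError:
            verdicts[ref] = False
    return verdicts

# Constructed sample inputs (not taken from the advisory).
SAMPLES = [
    "refs/heads/main", "refs/heads/feature/login",        # ordinary refs
    "../outside.txt", "refs/heads/../../../outside.txt",  # '..' components
    "/tmp/outside.txt", "refs\\..\\..\\outside.txt",      # absolute, backslashes
]

def demo():
    """Run the check against SAMPLES in a throwaway repository layout."""
    with tempfile.TemporaryDirectory() as tmp:
        git_dir = os.path.join(tmp, "repo", ".git")
        os.makedirs(os.path.join(git_dir, "refs", "heads"))
        return classify(git_dir, SAMPLES)

if __name__ == "__main__":
    for ref, ok in demo().items():
        print(f"{'accept' if ok else 'REJECT'}  {ref}")
```

The check complements the upgrade to 3.1.48 or later and does not replace it.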
Details
- CVE ID: CVE-2026-44243
- Severity: High
- CVSS Score: 7.1
- Type: path_traversal
- Status: confirmed
CWE
- CWE-22
CVSS Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H