CVE-2026-41506

NameCVE-2026-41506
Descriptiongo-git is an extensible git implementation library written in pure Go. ...
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
golang-github-go-git-go-git (PTS)bookworm5.4.2-3vulnerable
trixie5.14.0-1vulnerable
forky, sid5.17.1-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
golang-github-go-git-go-gitsource(unstable)(unfixed)

Notes

https://github.com/go-git/go-git/security/advisories/GHSA-3xc5-wrhm-f963
Fixed by: https://github.com/go-git/go-git/commit/bcd20a9c525826081262a06a9ed9c3167abfcd53 (v5.18.0)
Search for package or bug name: Reporting problems