CVE-2026-44243

HighPublic PoC

Published: 07 May 2026

Published

07 May 2026

Modified

07 May 2026

KEV Added

—

Patch

—

CVSS Score 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

EPSS Score 0.0010 26.4th percentile

Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Description

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files…

outside the repository’s .git directory via insufficient validation of reference paths in reference creation, rename, and delete operations. This issue has been patched in version 3.1.48.

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SI-10 Information Input Validation

addresses: CWE-22

Validates pathnames and filenames to prevent traversal outside intended directories.

Security SummaryAI

Automated synthesis unavailable for this CVE.

Details

CWE(s): CWE-22

Affected Products

gitpython project

gitpython

≤ 3.1.48

References

https://github.com/gitpython-developers/GitPython/releases/tag/3.1.48
Patch, Release Notes · security-advisories@github.com
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-7545-fcxq-7j24
Exploit, Mitigation, Vendor Advisory · security-advisories@github.com
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-7545-fcxq-7j24
Exploit, Mitigation, Vendor Advisory · 134c704f-9b21-4f2e-91b3-4a467353bcc0