CVE-2026-28292 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

`simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass…
Critical CVSS: 9.8

CVE-2026-28292

`simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code execution on the host machine. Version 3.23.0 contains an updated fix for the vulnerability.
Vendor
Simple-git Project
Product
Simple-git
CWE
CWE-78
Yayın Tarihi
2026-03-10 19:17:20
Güncelleme
2026-03-12 17:09:44
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-78 Simple-git CRITICAL Simple-git Project 2026

Referanslar

https://github.com/steveukx/git-js/commit/f7042088aa2dac59e3c49a84d7a2f4b26048a257 https://www.codeant.ai/security-research/security-research-simple-git-remote-code-execution-cve-2026-28292