CVE-2026-44243

CVE Database · CVE-2026-44243

CVE-2026-44243

· HIGHAnalyzed

CVSS v3.1

7.1

CVSS v4.0

7.8

EPSS

0.34%

Published

May 7, 2026

Modified

May 7, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory via insufficient validation of reference paths in reference creation, rename, and delete operations. This issue has been patched in version 3.1.48.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Weaknesses (CWE)

CWE-22

Affected Products (1)

gitpython_project · gitpython (up to 3.1.48)vulnerable

References (3)

https://github.com/gitpython-developers/GitPython/releases/tag/3.1.48

PatchRelease Notes

https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-7545-fcxq-7j24

ExploitMitigationVendor Advisory

https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-7545-fcxq-7j24

ExploitMitigationVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs