Rapid7

Ubuntu: USN-8303-1 (CVE-2026-44243): GitPython vulnerabilities

Severity: 6
CVSS: (AV:L/AC:L/Au:S/C:N/I:C/A:C)
Published: May 26, 2026
Added: May 27, 2026
Modified: May 27, 2026

Description

GitPython is a Python library used to interact with Git repositories. Prior to version 3.1.48, GitPython insufficiently validates reference paths in its reference creation, rename, and delete operations. An attacker who can supply a crafted reference path to an application using GitPython can write, overwrite, move, or delete files outside the repository's .git directory. This issue has been patched in version 3.1.48.

Solutions

ubuntu-pro-upgrade-python-git
ubuntu-pro-upgrade-python-git-doc
ubuntu-pro-upgrade-python3-git