CVE-2026-44243: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in gitpython-developers GitPython
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory via insufficient validation of reference paths in reference creation, rename, and delete operations. This issue has been patched in version 3.1.48.
AI Analysis
Technical Summary
GitPython, a Python library for interacting with Git repositories, has a path traversal vulnerability (CWE-22) in versions before 3.1.48. The vulnerability arises from improper validation of reference paths used in reference creation, rename, and delete operations, enabling an attacker who can supply crafted reference paths to manipulate files outside the repository's .git directory. This can lead to unauthorized file write, overwrite, move, or deletion. The vulnerability is rated high severity with a CVSS 4.0 score of 7.8 and has been patched in GitPython version 3.1.48.
Potential Impact
Exploitation of this vulnerability allows an unauthenticated attacker to perform unauthorized file system operations outside the intended .git directory, potentially leading to data corruption, loss, or unauthorized modification of files on the host system. This can compromise the integrity of the system or application using GitPython. No public exploits are currently known.
Mitigation Recommendations
Upgrade GitPython to version 3.1.48 or later, where this path traversal vulnerability has been patched. There is no indication of alternative mitigations or temporary fixes. Users should verify they are not using affected versions to prevent exploitation.
CVE-2026-44243: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in gitpython-developers GitPython
Description
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory via insufficient validation of reference paths in reference creation, rename, and delete operations. This issue has been patched in version 3.1.48.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
GitPython, a Python library for interacting with Git repositories, has a path traversal vulnerability (CWE-22) in versions before 3.1.48. The vulnerability arises from improper validation of reference paths used in reference creation, rename, and delete operations, enabling an attacker who can supply crafted reference paths to manipulate files outside the repository's .git directory. This can lead to unauthorized file write, overwrite, move, or deletion. The vulnerability is rated high severity with a CVSS 4.0 score of 7.8 and has been patched in GitPython version 3.1.48.
Potential Impact
Exploitation of this vulnerability allows an unauthenticated attacker to perform unauthorized file system operations outside the intended .git directory, potentially leading to data corruption, loss, or unauthorized modification of files on the host system. This can compromise the integrity of the system or application using GitPython. No public exploits are currently known.
Mitigation Recommendations
Upgrade GitPython to version 3.1.48 or later, where this path traversal vulnerability has been patched. There is no indication of alternative mitigations or temporary fixes. Users should verify they are not using affected versions to prevent exploitation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-05T16:33:55.843Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69fcdf2dcbff5d86101f12f9
Added to database: 5/7/2026, 6:51:25 PM
Last enriched: 5/7/2026, 7:06:38 PM
Last updated: 5/7/2026, 8:06:01 PM
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.