CRITICAL
gitbutlerapp
CVE published 2026-05-28
CVE-2026-45261
A critical remote code execution vulnerability exists in GitButler desktop application versions prior to 0.19.7. The Tauri-based application fails to properly sanitize pull request body content, allowing an attacker to inject malicious links that execute arbitrary scripts in the Tauri webview when clicked. This vulnerability requires user interaction (clicking the malicious link) and affects only users wh [truncated]