HIGH
gitoxide
CVE published 2026-05-26
CVE-2026-40034
CVE-2026-40034 is a high-severity command injection vulnerability in gix-submodule versions prior to 0.82.0. The flaw stems from improper validation of the `update` field in `.gitmodules` files, allowing attackers to bypass the `CommandForbiddenInModulesConfiguration` security guard. When a submodule has been initialized with only partial configuration in `.git/config`, an attacker can inject arbitrary sh [truncated]