CRITICAL
steveukx
CVE published 2026-03-10
CVE-2026-28292
CVE-2026-28292 is a critical vulnerability in Simple-Git, a widely-used interface for running git commands in Node.js applications. The vulnerability, with a CVSS score of 9.8, allows an attacker to bypass previous fixes for CVE-2022-25860 and CVE-2022-25912, achieving full remote code execution on the host machine. The issue affects versions 3.15.0 through 3.32.2 of Simple-Git. An updated fix is availabl [truncated]