PatchSiren

steveukx CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL steveukx CVE published 2026-03-10

CVE-2026-28292

CVE-2026-28292 is a critical vulnerability in Simple-Git, a widely-used interface for running git commands in Node.js applications. The vulnerability, with a CVSS score of 9.8, allows an attacker to bypass previous fixes for CVE-2022-25860 and CVE-2022-25912, achieving full remote code execution on the host machine. The issue affects versions 3.15.0 through 3.32.2 of Simple-Git. An updated fix is availabl [truncated]