Home

Description

Argument Injection in TortoiseGitBlame via Malicious Git History Filenames Leads to Arbitrary File Write in TortoiseGit

PUBLISHED Reserved 2026-06-11 | Published 2026-06-24 | Updated 2026-06-24 | Assigner GitLab




MEDIUM: 5.5CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Problem types

CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Product status

Default status
unaffected

1.8.10.0 (semver) before 2.19.0
affected

Credits

Gabriele Paris of NATO Cyber Security Centre finder

References

tortoisegit.org/issue/4269

gitlab.com/...ommit/7052e3ef61cd104f8a90fb3dcdfb403cbc8c1773

cve.org (CVE-2026-11968)

nvd.nist.gov (CVE-2026-11968)

Download JSON