cbcvebase.
CVE-2026-41506
published 2026-05-08

CVE-2026-41506: go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication…

high7.4CVSS 3.1
AVNACLPRNUIRSCCHINAN
go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha.2.

Affected

200 ranges· showing 25
VendorProductVersion rangeFixed in
advanced-cluster-securityrhacs-main-rhel8
advanced-cluster-securityrhacs-rhel8-operator
advanced-cluster-securityrhacs-roxctl-rhel8
advanced-cluster-securityrhacs-scanner-rhel8
advanced-cluster-securityrhacs-scanner-slim-rhel8
advanced-cluster-securityrhacs-scanner-v4-rhel8
anchoresyft
ansible-automation-platform-24aap-must-gather-rhel8
ansible-automation-platform-25aap-must-gather-rhel8
ansible-automation-platform-26aap-must-gather-rhel9
aquasecuritytrivy
assistedagent-preinstall-image-builder-rhel9
container-native-virtualizationbridge-marker-rhel9
container-native-virtualizationcluster-network-addons-operator-rhel9
container-native-virtualizationcnv-containernetworking-plugins-rhel9
container-native-virtualizationcnv-must-gather-rhel8
container-native-virtualizationcnv-must-gather-rhel9
container-native-virtualizationhyperconverged-cluster-operator-rhel9
container-native-virtualizationhyperconverged-cluster-webhook-rhel9
container-native-virtualizationkubemacpool-rhel9
container-native-virtualizationkubesecondarydns-rhel9
container-native-virtualizationkubevirt-tekton-tasks-create-datavolume-rhel9
container-native-virtualizationkubevirt-tekton-tasks-disk-virt-customize-rhel9
container-native-virtualizationmultus-dynamic-networks-rhel9
container-native-virtualizationovs-cni-plugin-rhel9