CVE-2026-44243
published 2026-05-07

Priority P334 high 7.1 CVSS 3.1
AV:L AC:L PR:L UI:N S:U C:N I:H A:H
EPSS: 0.42% (33.6th percentile)

GitPython is a Python library used to interact with Git repositories. Prior to version 3.1.48, insufficient validation of reference paths in GitPython's reference creation, rename, and delete operations allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository's .git directory. This issue has been patched in version 3.1.48.

Affected

31 ranges · showing 25

Vendor | Product | Version range | Fixed in
ansible-automation-platform-26 | controller-rhel9 | |
ansible-automation-platform-26 | hub-rhel9 | |
exploit-intelligence-tech-preview | vulnerability-analysis-rhel9 | |
gitpython-developers | gitpython | < 3.1.48 | 3.1.48
gitpython_project | gitpython | < 3.1.48 | 3.1.48
gitpython_project | gitpython | |
gitpython_project | gitpython | >= 0 < 3.1.48 | 3.1.48
mta | mta-solution-server-rhel9 | |
openshift4 | microshift-bootc-rhel9 | |
pen-drive | pen-drive-scanner-rhel9 | |
rhaiis | vllm-cpu-rhel9 | |
rhaiis | vllm-tpu-rhel9 | |
rhelai3 | bootc-cuda-rhel9 | |
rhelai3 | bootc-rocm-rhel9 | |
rhelai3 | disk-image-cuda-rhel9 | |
rhoai | odh-mlflow-rhel9 | |
rhoai | odh-training-cuda128-torch29-py312-rhel9 | |
rhoai | odh-trustyai-nemo-guardrails-server-rhel9 | |
rhoai | odh-workbench-jupyter-datascience-cpu-py312-rhel9 | |
rhoai | odh-workbench-jupyter-minimal-cpu-py312-rhel9 | |
rhoai | odh-workbench-jupyter-minimal-cuda-py312-rhel9 | |
rhoai | odh-workbench-jupyter-minimal-rocm-py312-rhel9 | |
rhoai | odh-workbench-jupyter-pytorch-cuda-py312-rhel9 | |
rhoai | odh-workbench-jupyter-pytorch-llmcompressor-cuda-py312-rhel9 | |
rhoai | odh-workbench-jupyter-pytorch-rocm-py312-rhel9 | |

CVSS provenance

nvd v3.1 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
nvd v4.0 7.8 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vendor_redhat 7.1 HIGH
vendor_ubuntu 6.5 MEDIUM