Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-6951
PUBLISHED
More InfoOfficial Page
Assigner-snyk
Assigner Org ID-bae035ff-b466-4ff4-94d0-fc9efd9e1730
View Known Exploited Vulnerability (KEV) details
Published At-25 Apr, 2026 | 05:00
Updated At-25 Apr, 2026 | 10:50
Rejected At-
▼CVE Numbering Authority (CNA)

Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution (RCE) due to an incomplete fix for [CVE-2022-25912](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221) that blocks the -c option but not the equivalent --config form. If untrusted input can reach the options argument passed to simple-git, an attacker may still achieve remote code execution by enabling protocol.ext.allow=always and using an ext:: clone source.

Affected Products
Vendor
n/a
Product
simple-git
Versions
Affected
  • From 0 before 3.36.0 (semver)
Problem Types
TypeCWE IDDescription
N/AN/ARemote Code Execution (RCE)
Type: N/A
CWE ID: N/A
Description: Remote Code Execution (RCE)
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P
4.09.2CRITICAL
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P
Version: 4.0
Base score: 9.2
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Kuycheu Kung
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-15456078
N/A
https://gist.github.com/KKC73/02d1d97f3410756095b501fda0ac8ca6
N/A
https://github.com/steveukx/git-js/commit/89a2294febed5dfe737c4c735d936bb6018746a8
N/A
Hyperlink: https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-15456078
Resource: N/A
Hyperlink: https://gist.github.com/KKC73/02d1d97f3410756095b501fda0ac8ca6
Resource: N/A
Hyperlink: https://github.com/steveukx/git-js/commit/89a2294febed5dfe737c4c735d936bb6018746a8
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-15456078
exploit
Hyperlink: https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-15456078
Resource:
exploit
Details not found