DEBIAN-CVE-2026-41506
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 08 May 2026, 14:16
Last modified:02 Jun 2026, 18:00
Vulnerability Summary
Overall Risk (default)
medium
30/100 CVSS Score
7.4 HIGH
3.1 (osv_debian)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
08 May 2026, 14:16
Published
Vulnerability first disclosed
02 Jun 2026, 18:00
Last Modified
Vulnerability information updated
Description
go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha.2.
CVSS Metrics
- v3.1•HIGH•Score: 7.4CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Affected Systems
- debian•golang-github-go-git-go-git
all | all | all | < 5.19.1-1
- debian•golang-github-go-git-go-git-v6
all