CVE-2026-4496 | sigmade Git-MCP-Server up to 785aa159f262a02d5791a5d8a8e13c507ac42880 src/gitUtils.ts child_process.exec os command injection

A vulnerability classified as critical was found in sigmade Git-MCP-Server up to 785aa159f262a02d5791a5d8a8e13c507ac42880. Affected by this vulnerability is the function child_process.exec of the file src/gitUtils.ts of the component show_merge_diff/quick_merge_summary/show_file_diff. The manipulation results in os command injection.

This vulnerability is cataloged as CVE-2026-4496. The attack must be initiated from a local position. Furthermore, there is an exploit available.

This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. It is advisable to implement a patch to correct this issue.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4496 | sigmade Git-MCP-Server up to 785aa159f262a02d5791a5d8a8e13c507ac42880 src/gitUtils.ts child_process.exec os command injection

Post correlati

CVE-2022-50647 | Linux Kernel up to 5.4.219/5.10.149/5.15.74/5.19.16/6.0.2 parport0 parport_pc_fifo_write_block_pio state issue

CVE-2025-59102 | Dormakaba Access Manager 92xx-k5 SOAP API backup cleartext storage

CVE-2024-0665 | WP Customer Area Plugin up to 8.2.2 on WordPress cross site scripting

CVE-2024-10322 | themefusecom Brizy Plugin up to 2.6.8 on WordPress REST API SVG File Upload cross site scripting