A vulnerability, which was classified as critical, was found in yamadashy repomix up to 1.14.0. This vulnerability affects unknown code of the file src/core/git/gitCommand.ts of the component Git Command. Executing a manipulation of the argument –remote-branch can lead to injection.

This vulnerability is registered as CVE-2026-49987. It is possible to launch the attack remotely. No exploit is available.