A vulnerability, which was classified as problematic, has been found in repomix up to 1.14.0. This affects the function isValidRemoteValue of the file src/core/git/gitRemoteParse.ts of the component Git Clone Endpoint. The manipulation leads to file inclusion.

This vulnerability is referenced as CVE-2026-59703. Remote exploitation of the attack is possible. No exploit is available.