CVE-2026-45571 Common Vulnerabilities and Exposures

Upstream information

CVE-2026-45571 at MITRE

Description

go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a path validation issue in go-git could allow crafted repository data to affect files outside the intended checkout target, including the repository's .git directory. These validations were introduced in upstream Git years ago, so the vulnerability arose from go-git drifting from those checks. This vulnerability is fixed in 5.19.1 and 6.0.0-alpha.4.

SUSE information

Overall state of this security issue: Does not affect SUSE products

No SUSE Bugzilla entries cross referenced.

No SUSE Security Announcements cross referenced.

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE Tumbleweed	`flux2-cli >= 2.8.8-1.1` `flux2-cli-bash-completion >= 2.8.8-1.1` `flux2-cli-fish-completion >= 2.8.8-1.1` `flux2-cli-zsh-completion >= 2.8.8-1.1`	Patchnames: openSUSE-Tumbleweed-2026-10831

SUSE Timeline for this CVE

CVE page created: Fri May 22 12:40:04 2026
CVE page last modified: Wed May 27 21:29:17 2026