CVE-2026-25244

high Red Hat
CVSS v3 Base Score
8.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score
0.1%
Exploitation probability in 30 days
Top 65% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Confidentiality
High
Integrity
High
Availability
High
Published: May 18, 2026 (52 days ago)
Last Modified: May 18, 2026
Vendor: Red Hat
Source: REDHAT

Description

A flaw was found in WebdriverIO. A remote attacker can exploit a command injection vulnerability by crafting a malicious Git repository with a specially named branch. This branch name, containing shell metacharacters, is unsafely processed during test orchestration. This allows for remote code execution on affected systems, potentially leading to the disclosure of sensitive information, system compromise, and supply chain attacks.

CWE

CWE-78

Affected Products

Red Hat Hardened Images

References