CVE-2026-28291

high

Red Hat

CVSS v3 Base Score

8.1

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Characteristics

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Confidentiality

High

Integrity

High

Availability

High

Published: April 13, 2026 (30 days ago)

Last Modified: April 13, 2026

Vendor: Red Hat

Source: REDHAT

Description

A flaw was found in simple-git, a JavaScript library for running native Git commands. An attacker could exploit this vulnerability by manipulating Git options, bypassing existing safety checks. This incomplete fix for a previous vulnerability allows for the execution of arbitrary commands, leading to potential system compromise.

CWE

CWE-78

Affected Products

Red Hat Build of KeycloakRed Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat JBoss Enterprise Application Platform 8Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat Process Automation 7

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 github.com 🔗 github.com

CVE-2026-28291

Vulnerability Report

Description

CWE

Affected Products

References