{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-52726", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-06-08T14:00:43.571Z", "datePublished": "2026-06-10T22:13:33.320Z", "dateUpdated": "2026-06-11T12:55:09.309Z"}, "containers": {"cna": {"title": "Dulwich's submodule path traversal in porcelain.submodule_update / porcelain.clone(recurse_submodules=True) yields RCE via attacker-dropped .git/hooks payload", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/jelmer/dulwich/security/advisories/GHSA-gfhv-vqv2-4544", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/jelmer/dulwich/security/advisories/GHSA-gfhv-vqv2-4544"}, {"name": "https://github.com/jelmer/dulwich/releases/tag/dulwich-1.2.5", "tags": ["x_refsource_MISC"], "url": "https://github.com/jelmer/dulwich/releases/tag/dulwich-1.2.5"}], "affected": [{"vendor": "jelmer", "product": "dulwich", "versions": [{"version": ">= 0.23.2, < 1.2.5", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-06-10T22:13:33.320Z"}, "descriptions": [{"lang": "en", "value": "Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, `dulwich.porcelain.submodule_update`, and by extension `porcelain.clone(..., recurse_submodules=True)`, materializes attacker-controlled submodule paths from a crafted upstream repository without path validation. A malicious `.gitmodules` plus a matching tree gitlink whose `path` is `.git/hooks` (or any other directory inside the parent repository's `.git` directory) causes the attacker's submodule tree contents to be written directly into the victim's `.git/hooks/` directory, preserving executable mode bits. The dropped executables are then run by any subsequent `git` or `dulwich` command that invokes the matching hook, resulting in arbitrary code execution. This is the dulwich equivalent of the upstream Git fixes for CVE-2024-32002 / CVE-2024-32004, which were never propagated into dulwich's separately implemented submodule porcelain. Version 1.2.5 patches the issue."}], "source": {"advisory": "GHSA-gfhv-vqv2-4544", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/jelmer/dulwich/security/advisories/GHSA-gfhv-vqv2-4544", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-11T12:54:26.026132Z", "id": "CVE-2026-52726", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-11T12:55:09.309Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-52726", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-11T12:54:26.026132Z"}}}], "references": [{"url": "https://github.com/jelmer/dulwich/security/advisories/GHSA-gfhv-vqv2-4544", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-11T12:54:16.448Z"}}], "cna": {"title": "Dulwich's submodule path traversal in porcelain.submodule_update / porcelain.clone(recurse_submodules=True) yields RCE via attacker-dropped .git/hooks payload", "source": {"advisory": "GHSA-gfhv-vqv2-4544", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "jelmer", "product": "dulwich", "versions": [{"status": "affected", "version": ">= 0.23.2, < 1.2.5"}]}], "references": [{"url": "https://github.com/jelmer/dulwich/security/advisories/GHSA-gfhv-vqv2-4544", "name": "https://github.com/jelmer/dulwich/security/advisories/GHSA-gfhv-vqv2-4544", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/jelmer/dulwich/releases/tag/dulwich-1.2.5", "name": "https://github.com/jelmer/dulwich/releases/tag/dulwich-1.2.5", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, `dulwich.porcelain.submodule_update`, and by extension `porcelain.clone(..., recurse_submodules=True)`, materializes attacker-controlled submodule paths from a crafted upstream repository without path validation. A malicious `.gitmodules` plus a matching tree gitlink whose `path` is `.git/hooks` (or any other directory inside the parent repository's `.git` directory) causes the attacker's submodule tree contents to be written directly into the victim's `.git/hooks/` directory, preserving executable mode bits. The dropped executables are then run by any subsequent `git` or `dulwich` command that invokes the matching hook, resulting in arbitrary code execution. This is the dulwich equivalent of the upstream Git fixes for CVE-2024-32002 / CVE-2024-32004, which were never propagated into dulwich's separately implemented submodule porcelain. Version 1.2.5 patches the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-06-10T22:13:33.320Z"}}}, "cveMetadata": {"cveId": "CVE-2026-52726", "state": "PUBLISHED", "dateUpdated": "2026-06-11T12:55:09.309Z", "dateReserved": "2026-06-08T14:00:43.571Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-06-10T22:13:33.320Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, `dulwich.porcelain.submodule_update`, and by extension `porcelain.clone(..., recurse_submodules=True)`, materializes attacker-controlled submodule paths from a crafted upstream repository without path validation. A malicious `.gitmodules` plus a matching tree gitlink whose `path` is `.git/hooks` (or any other directory inside the parent repository's `.git` directory) causes the attacker's submodule tree contents to be written directly into the victim's `.git/hooks/` directory, preserving executable mode bits. The dropped executables are then run by any subsequent `git` or `dulwich` command that invokes the matching hook, resulting in arbitrary code execution. This is the dulwich equivalent of the upstream Git fixes for CVE-2024-32002 / CVE-2024-32004, which were never propagated into dulwich's separately implemented submodule porcelain. Version 1.2.5 patches the issue."}], "id": "CVE-2026-52726", "lastModified": "2026-06-11T15:21:07.370", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-06-10T23:16:50.143", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/jelmer/dulwich/releases/tag/dulwich-1.2.5"}, {"source": "security-advisories@github.com", "url": "https://github.com/jelmer/dulwich/security/advisories/GHSA-gfhv-vqv2-4544"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/jelmer/dulwich/security/advisories/GHSA-gfhv-vqv2-4544"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"bugzilla": {"description": "dulwich: Dulwich: Arbitrary code execution via crafted Git submodules", "id": "2487769", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487769"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "status": "draft"}, "cwe": "CWE-22", "details": ["A flaw was found in Dulwich, a pure-Python implementation of Git file formats and protocols. This vulnerability allows a remote attacker to achieve arbitrary code execution by crafting a malicious Git submodule. When a user clones or updates a repository with such a submodule, the attacker-controlled content is written into the victim's Git hooks directory. Subsequent Git or Dulwich commands can then execute these malicious files, leading to system compromise."], "name": "CVE-2026-52726", "package_state": [{"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "ansible-automation-platform-26/controller-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "ansible-automation-platform-26/eda-controller-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "ansible-automation-platform-26/lightspeed-chatbot-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "ansible-automation-platform-27/controller-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "ansible-automation-platform-27/eda-controller-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "resource-agents", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-kserve-agent-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-kserve-autogluon-server-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-kserve-controller-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-kserve-router-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-kserve-storage-initializer-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "python-dulwich", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "python-dulwich", "product_name": "Red Hat Satellite 6"}], "public_date": "2026-06-10T22:13:33Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-52726\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-52726\nhttps://github.com/jelmer/dulwich/releases/tag/dulwich-1.2.5\nhttps://github.com/jelmer/dulwich/security/advisories/GHSA-gfhv-vqv2-4544"], "statement": "Red Hat product security classifies this bug as Important as this bug can be triggered by the victim merely by cloning a maliciours repository. The attacker is however unable to trigger any executable without subsequent actions by the victim. Users should pay attention to any binaries that are cloned over as this is not normal and not clone untrusted repositories.\nThere is no loss of integrity and confidentiality loss can be minimal depending on the due diligence executed by the user so the CVSS score is rated lower even though this bug is classified as Important.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0.23.2,1.2.5)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "dulwich", "source": "cna", "vendor": "jelmer"}, "product": "dulwich", "vendor": "jelmer"}], "created": "2026-06-10T23:30:44.129020+00:00", "updated": "2026-06-11T10:40:36.006645+00:00", "vendors": ["jelmer", "jelmer$PRODUCT$dulwich"]}