High severity8.8NVD Advisory· Published Apr 25, 2018· Updated Jun 17, 2026
CVE-2018-5226
CVE-2018-5226
Description
There was an argument injection vulnerability in Sourcetree for Windows via Mercurial repository tag name that is going to be deleted. An attacker with permission to create a tag on a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. All versions of Sourcetree for Windows before 2.5.5.0 are affected by this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: < 2.5.5.0
- Range: unspecified
Patches
Vulnerability mechanics
References
1- jira.atlassian.com/browse/SRCTREEWIN-8509nvdVendor Advisory
News mentions
0No linked articles in our index yet.