High severity7.1NVD Advisory· Published May 7, 2026· Updated May 7, 2026

CVE-2026-44243

Description

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory via insufficient validation of reference paths in reference creation, rename, and delete operations. This issue has been patched in version 3.1.48.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
GitPythonPyPI	< 3.1.48	3.1.48

Affected products

Pachno/Gitpythoninferred
Range: <=3.1.46
Package: https://pypi.org/project/gitpython
Gitpython Project/Gitpython
cpe:2.3:a:gitpython_project:gitpython:*:*:*:*:*:python:*:*
Range: <3.1.48

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/gitpython-developers/GitPython/releases/tag/3.1.48nvdPatchRelease NotesWEB
github.com/gitpython-developers/GitPython/security/advisories/GHSA-7545-fcxq-7j24nvdExploitMitigationVendor AdvisoryWEB
github.com/advisories/GHSA-7545-fcxq-7j24ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2026-44243ghsaADVISORY

News mentions

No linked articles in our index yet.

cvss	0.461
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000