QSearchQSearch

CVE-2026-45261

GitButler is a modern Git-based version control interface for AI-powered workflows

Published: 2026-05-28 · Last updated: 2026-06-01

Severity and scoring

CWE
CWE-94

Description

GitButler is a modern Git-based version control interface for AI-powered workflows. Prior to 0.19.7, a emote code execution vulnerability exists in the Tauri-based GitButler desktop application. An attacker can inject a malicious link in a pull request body, which if clicked by the user allows for arbitrary script execution in the Tauri webview. Users that have not enabled forge integration are not at risk. This vulnerability is fixed in 0.19.7.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2026-24155 NVIDIA NeMo Framework for all platforms contains a code injection vulnerability (7.8 HIGH)
  • CVE-2026-49774 Improper Control of Generation of Code ('Code Injection') vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion (9.9 CRITICAL)
  • CVE-2026-48017 DbGate is cross-platform database manager (8.8 HIGH)
  • CVE-2026-48836 Unauthenticated Remote Code Execution (RCE) in Easy Invoice <= 2.1.19 versions (10.0 CRITICAL)
  • CVE-2026-48124 Cursor is a code editor built for programming with AI