debian · CVE-2026-41506

Quick triage

Priority: not yet assigned Published: Updated: Fri, 17 Jul 2026 14:09:35 GMT

View at Official debian advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2026-41506 not yet assigned priority: Debian including 2 source packages (golang-github-go-git-go-git, golang-github-go-git-go-git-v6), 6 status rows across 4 suites (bookworm, forky, sid, trixie): open 3, resolved 3.

Description:

go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha.2.

cvelogic Threat Intelligence