Untrusted search path in GitHub CLI - #VU131750

 

Untrusted search path in GitHub CLI - #VU131750

Published: November 11, 2020 / Updated: May 18, 2026


Vulnerability identifier: #VU131750
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-426
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: GitHub CLI
Affected software:
GitHub CLI

Detailed vulnerability description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to improper search path control in git executable resolution when invoking git from the current working directory on Windows. A local user can place a malicious git.exe or git.bat in the current directory to execute arbitrary code.

Only Windows users who run gh inside untrusted directories are affected.


Remediation

Install security update from vendor's website.

Sources