CVE-2026-3854 (GCVE-0-2026-3854)
Vulnerability from cvelistv5 – Published: 2026-03-10 17:37 – Updated: 2026-03-11 14:27
VLAI?
Title
Remote code execution via git push option injection in GitHub Enterprise Server
Summary
An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance. During a git push operation, user-supplied push option values were not properly sanitized before being included in internal service headers. Because the internal header format used a delimiter character that could also appear in user input, an attacker could inject additional metadata fields through crafted push option values. This vulnerability was reported via the GitHub Bug Bounty program and has been fixed in GitHub Enterprise Server versions 3.14.24, 3.15.19, 3.16.15, 3.17.12, 3.18.6 and 3.19.3.
Severity ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | Enterprise Server |
Affected:
3.14.0 , ≤ 3.14.23
(semver)
Affected: 3.15.0 , ≤ 3.15.18 (semver) Affected: 3.16.0 , ≤ 3.16.14 (semver) Affected: 3.17.0 , ≤ 3.17.11 (semver) Affected: 3.18.0 , ≤ 3.18.5 (semver) Affected: 3.19.0 , ≤ 3.19.2 (semver) |
Credits
Sagi Tzadik @ Wiz.io
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3854",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-11T14:27:26.527095Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T14:27:37.580Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.14.24",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.14.23",
"status": "affected",
"version": "3.14.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.15.19",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.15.18",
"status": "affected",
"version": "3.15.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.16.15",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.16.14",
"status": "affected",
"version": "3.16.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.17.12",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.17.11",
"status": "affected",
"version": "3.17.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.18.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.18.5",
"status": "affected",
"version": "3.18.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.19.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.19.2",
"status": "affected",
"version": "3.19.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sagi Tzadik @ Wiz.io"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance. During a git push operation, user-supplied push option values were not properly sanitized before being included in internal service headers. Because the internal header format used a delimiter character that could also appear in user input, an attacker could inject additional metadata fields through crafted push option values. This vulnerability was reported via the GitHub Bug Bounty program and has been fixed in GitHub Enterprise Server versions 3.14.24, 3.15.19, 3.16.15, 3.17.12, 3.18.6 and 3.19.3.\u003cbr\u003e"
}
],
"value": "An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance. During a git push operation, user-supplied push option values were not properly sanitized before being included in internal service headers. Because the internal header format used a delimiter character that could also appear in user input, an attacker could inject additional metadata fields through crafted push option values. This vulnerability was reported via the GitHub Bug Bounty program and has been fixed in GitHub Enterprise Server versions 3.14.24, 3.15.19, 3.16.15, 3.17.12, 3.18.6 and 3.19.3."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T17:37:34.890Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.24"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.19"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.15"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.12"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.6"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.3"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Remote code execution via git push option injection in GitHub Enterprise Server",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2026-3854",
"datePublished": "2026-03-10T17:37:34.890Z",
"dateReserved": "2026-03-09T20:19:58.513Z",
"dateUpdated": "2026-03-11T14:27:37.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-3854\",\"sourceIdentifier\":\"product-cna@github.com\",\"published\":\"2026-03-10T18:19:06.007\",\"lastModified\":\"2026-03-12T18:45:25.490\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance. During a git push operation, user-supplied push option values were not properly sanitized before being included in internal service headers. Because the internal header format used a delimiter character that could also appear in user input, an attacker could inject additional metadata fields through crafted push option values. This vulnerability was reported via the GitHub Bug Bounty program and has been fixed in GitHub Enterprise Server versions 3.14.24, 3.15.19, 3.16.15, 3.17.12, 3.18.6 and 3.19.3.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de neutralizaci\u00f3n inadecuada de elementos especiales fue identificada en GitHub Enterprise Server que permit\u00eda a un atacante con acceso de push a un repositorio lograr ejecuci\u00f3n remota de c\u00f3digo en la instancia. Durante una operaci\u00f3n de git push, los valores de opci\u00f3n de push proporcionados por el usuario no se sanitizaban correctamente antes de ser incluidos en los encabezados de servicio internos. Debido a que el formato del encabezado interno utilizaba un car\u00e1cter delimitador que tambi\u00e9n pod\u00eda aparecer en la entrada del usuario, un atacante pod\u00eda inyectar campos de metadatos adicionales a trav\u00e9s de valores de opci\u00f3n de push manipulados. Esta vulnerabilidad fue reportada a trav\u00e9s del programa GitHub Bug Bounty y ha sido corregida en las versiones de GitHub Enterprise Server 3.14.24, 3.15.19, 3.16.15, 3.17.12, 3.18.6 y 3.19.3.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"product-cna@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"product-cna@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-77\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.14.24\",\"matchCriteriaId\":\"EB7E4D72-FF86-46B4-B083-AF569D3C3113\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.15.0\",\"versionEndExcluding\":\"3.15.19\",\"matchCriteriaId\":\"F454B367-74E1-49D4-A8C0-BCE14CF453E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.16.0\",\"versionEndExcluding\":\"3.16.15\",\"matchCriteriaId\":\"AC07747C-95D1-4438-BBD8-9BC3C8F6B5F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.17.0\",\"versionEndExcluding\":\"3.17.12\",\"matchCriteriaId\":\"71BDBBDA-966C-419F-8D4F-5E7FB2411AE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.18.0\",\"versionEndExcluding\":\"3.18.6\",\"matchCriteriaId\":\"32CB5071-12A8-4C9A-9572-4FBC5C20F869\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.19.0\",\"versionEndExcluding\":\"3.19.3\",\"matchCriteriaId\":\"F7BDDDA3-FE7D-45F6-842C-0D023D926E18\"}]}]}],\"references\":[{\"url\":\"https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.24\",\"source\":\"product-cna@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.19\",\"source\":\"product-cna@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.15\",\"source\":\"product-cna@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.12\",\"source\":\"product-cna@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.6\",\"source\":\"product-cna@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.3\",\"source\":\"product-cna@github.com\",\"tags\":[\"Release Notes\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-3854\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-11T14:27:26.527095Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-11T14:27:32.082Z\"}}], \"cna\": {\"title\": \"Remote code execution via git push option injection in GitHub Enterprise Server\", \"source\": {\"discovery\": \"INTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Sagi Tzadik @ Wiz.io\"}], \"impacts\": [{\"capecId\": \"CAPEC-248\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-248 Command Injection\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.7, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"GitHub\", \"product\": \"Enterprise Server\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"3.14.24\", \"status\": \"unaffected\"}], \"version\": \"3.14.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"3.14.23\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"3.15.19\", \"status\": \"unaffected\"}], \"version\": \"3.15.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"3.15.18\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"3.16.15\", \"status\": \"unaffected\"}], \"version\": \"3.16.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"3.16.14\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"3.17.12\", \"status\": \"unaffected\"}], \"version\": \"3.17.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"3.17.11\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"3.18.6\", \"status\": \"unaffected\"}], \"version\": \"3.18.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"3.18.5\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"3.19.3\", \"status\": \"unaffected\"}], \"version\": \"3.19.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"3.19.2\"}], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.24\"}, {\"url\": \"https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.19\"}, {\"url\": \"https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.15\"}, {\"url\": \"https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.12\"}, {\"url\": \"https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.6\"}, {\"url\": \"https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.3\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.5.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance. During a git push operation, user-supplied push option values were not properly sanitized before being included in internal service headers. Because the internal header format used a delimiter character that could also appear in user input, an attacker could inject additional metadata fields through crafted push option values. This vulnerability was reported via the GitHub Bug Bounty program and has been fixed in GitHub Enterprise Server versions 3.14.24, 3.15.19, 3.16.15, 3.17.12, 3.18.6 and 3.19.3.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance. During a git push operation, user-supplied push option values were not properly sanitized before being included in internal service headers. Because the internal header format used a delimiter character that could also appear in user input, an attacker could inject additional metadata fields through crafted push option values. This vulnerability was reported via the GitHub Bug Bounty program and has been fixed in GitHub Enterprise Server versions 3.14.24, 3.15.19, 3.16.15, 3.17.12, 3.18.6 and 3.19.3.\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-77\", \"description\": \"CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"82327ea3-741d-41e4-88f8-2cf9e791e760\", \"shortName\": \"GitHub_P\", \"dateUpdated\": \"2026-03-10T17:37:34.890Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-3854\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-11T14:27:37.580Z\", \"dateReserved\": \"2026-03-09T20:19:58.513Z\", \"assignerOrgId\": \"82327ea3-741d-41e4-88f8-2cf9e791e760\", \"datePublished\": \"2026-03-10T17:37:34.890Z\", \"assignerShortName\": \"GitHub_P\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…