GitButler
Monthly
Remote code execution in GitButler desktop application versions prior to 0.19.7 allows attackers to execute arbitrary scripts within the Tauri webview by injecting malicious links into pull request bodies. The flaw activates when a user with forge integration enabled clicks the crafted link, leading to full compromise of the desktop client context. No public exploit identified at time of analysis, though the GitHub Security Advisory GHSA-xpmj-536r-9fc6 publicly documents the issue.