Tooling

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-4660 HIGH PATCH GHSA This Week

Arbitrary file read vulnerability in HashiCorp go-getter library versions up to 1.8.5 enables unauthenticated remote attackers to access sensitive files from the target filesystem through specially crafted git operation URLs. The vulnerability permits confidentiality breach without authentication requirements, affecting network-accessible services utilizing the library for repository cloning or fetching operations. Fixed in version 1.8.6; go-getter/v2 branch unaffected. No public exploit identified at time of analysis.

Information Disclosure Golang Tooling

NVD VulDB

CVSS 3.1

7.5

EPSS

0.0%

CVE-2026-4660

EPSS 0% CVSS 7.5

HIGH PATCH This Week

Arbitrary file read vulnerability in HashiCorp go-getter library versions up to 1.8.5 enables unauthenticated remote attackers to access sensitive files from the target filesystem through specially crafted git operation URLs. The vulnerability permits confidentiality breach without authentication requirements, affecting network-accessible services utilizing the library for repository cloning or fetching operations. Fixed in version 1.8.6; go-getter/v2 branch unaffected. No public exploit identified at time of analysis.

Information Disclosure Golang Tooling

NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy